1diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Boolean.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Boolean.java 2--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Boolean.java 2015-03-01 12:03:02.000000000 +0000 3+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Boolean.java 2014-07-28 19:51:54.000000000 +0000 4@@ -23,7 +23,9 @@ 5 private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; 6 private static final byte[] FALSE_VALUE = new byte[] { 0 }; 7 8- private byte[] value; 9+ // BEGIN android-changed 10+ final private byte[] value; 11+ // END android-changed 12 13 public static final ASN1Boolean FALSE = new ASN1Boolean(false); 14 public static final ASN1Boolean TRUE = new ASN1Boolean(true); 15@@ -79,6 +81,17 @@ 16 return (value != 0 ? TRUE : FALSE); 17 } 18 19+ // BEGIN android-added 20+ /** 21+ * return a ASN1Boolean from the passed in array. 22+ */ 23+ public static ASN1Boolean getInstance( 24+ byte[] octets) 25+ { 26+ return (octets[0] != 0) ? TRUE : FALSE; 27+ } 28+ 29+ // END android-added 30 /** 31 * return a Boolean from a tagged object. 32 * 33@@ -105,7 +118,9 @@ 34 } 35 } 36 37- ASN1Boolean( 38+ // BEGIN android-changed 39+ protected ASN1Boolean( 40+ // END android-changed 41 byte[] value) 42 { 43 if (value.length != 1) 44@@ -131,8 +146,10 @@ 45 * @deprecated use getInstance(boolean) method. 46 * @param value true or false. 47 */ 48- public ASN1Boolean( 49+ // BEGIN android-changed 50+ protected ASN1Boolean( 51 boolean value) 52+ // END android-changed 53 { 54 this.value = (value) ? TRUE_VALUE : FALSE_VALUE; 55 } 56diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Null.java 57--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Null.java 2015-03-01 12:03:02.000000000 +0000 58+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Null.java 2014-07-28 19:51:54.000000000 +0000 59@@ -8,6 +8,12 @@ 60 public abstract class ASN1Null 61 extends ASN1Primitive 62 { 63+ // BEGIN android-added 64+ /*package*/ ASN1Null() 65+ { 66+ } 67+ 68+ // END android-added 69 /** 70 * Return an instance of ASN.1 NULL from the passed in object. 71 * <p> 72diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1ObjectIdentifier.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1ObjectIdentifier.java 73--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1ObjectIdentifier.java 2015-03-01 12:03:02.000000000 +0000 74+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1ObjectIdentifier.java 2014-07-28 19:51:54.000000000 +0000 75@@ -152,7 +152,13 @@ 76 } 77 } 78 79- this.identifier = objId.toString(); 80+ // BEGIN android-changed 81+ /* 82+ * Intern the identifier so there aren't hundreds of duplicates 83+ * (in practice). 84+ */ 85+ this.identifier = objId.toString().intern(); 86+ // END android-changed 87 this.body = Arrays.clone(bytes); 88 } 89 90@@ -173,7 +179,13 @@ 91 throw new IllegalArgumentException("string " + identifier + " not an OID"); 92 } 93 94- this.identifier = identifier; 95+ // BEGIN android-changed 96+ /* 97+ * Intern the identifier so there aren't hundreds of duplicates 98+ * (in practice). 99+ */ 100+ this.identifier = identifier.intern(); 101+ // END android-changed 102 } 103 104 /** 105diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-152/org/bouncycastle/asn1/DERNull.java 106--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERNull.java 2015-03-01 12:03:02.000000000 +0000 107+++ bcprov-jdk15on-152/org/bouncycastle/asn1/DERNull.java 2013-01-31 02:26:40.000000000 +0000 108@@ -15,7 +15,9 @@ 109 /** 110 * @deprecated use DERNull.INSTANCE 111 */ 112- public DERNull() 113+ // BEGIN android-changed 114+ protected DERNull() 115+ // END android-changed 116 { 117 } 118 119diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-152/org/bouncycastle/asn1/DERPrintableString.java 120--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERPrintableString.java 2015-03-01 12:03:02.000000000 +0000 121+++ bcprov-jdk15on-152/org/bouncycastle/asn1/DERPrintableString.java 2014-07-28 19:51:54.000000000 +0000 122@@ -12,7 +12,9 @@ 123 extends ASN1Primitive 124 implements ASN1String 125 { 126- private byte[] string; 127+ // BEGIN android-changed 128+ private final byte[] string; 129+ // END android-changed 130 131 /** 132 * return a printable string from the passed in object. 133diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/StreamUtil.java bcprov-jdk15on-152/org/bouncycastle/asn1/StreamUtil.java 134--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/StreamUtil.java 2015-03-01 12:03:02.000000000 +0000 135+++ bcprov-jdk15on-152/org/bouncycastle/asn1/StreamUtil.java 2014-05-05 17:17:14.000000000 +0000 136@@ -8,7 +8,9 @@ 137 138 class StreamUtil 139 { 140- private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory(); 141+ // BEGIN android-removed 142+ // private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory(); 143+ // END android-removed 144 145 /** 146 * Find out possible longest length... 147@@ -48,12 +50,15 @@ 148 } 149 } 150 151- if (MAX_MEMORY > Integer.MAX_VALUE) 152+ // BEGIN android-changed 153+ long maxMemory = Runtime.getRuntime().maxMemory(); 154+ if (maxMemory > Integer.MAX_VALUE) 155 { 156 return Integer.MAX_VALUE; 157 } 158 159- return (int)MAX_MEMORY; 160+ return (int) maxMemory; 161+ // END android-changed 162 } 163 164 static int calculateBodyLength( 165diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-152/org/bouncycastle/asn1/cms/ContentInfo.java 166--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2015-03-01 12:03:02.000000000 +0000 167+++ bcprov-jdk15on-152/org/bouncycastle/asn1/cms/ContentInfo.java 2013-12-12 00:35:05.000000000 +0000 168@@ -28,7 +28,9 @@ 169 */ 170 public class ContentInfo 171 extends ASN1Object 172- implements CMSObjectIdentifiers 173+ // BEGIN android-removed 174+ // implements CMSObjectIdentifiers 175+ // END android-removed 176 { 177 private ASN1ObjectIdentifier contentType; 178 private ASN1Encodable content; 179diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-152/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 180--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2015-03-01 12:03:02.000000000 +0000 181+++ bcprov-jdk15on-152/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-12-12 00:35:05.000000000 +0000 182@@ -13,10 +13,12 @@ 183 static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); 184 /** PKCS#1: 1.2.840.113549.1.1.1 */ 185 static final ASN1ObjectIdentifier rsaEncryption = pkcs_1.branch("1"); 186- /** PKCS#1: 1.2.840.113549.1.1.2 */ 187- static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2"); 188- /** PKCS#1: 1.2.840.113549.1.1.3 */ 189- static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3"); 190+ // BEGIN android-removed 191+ // /** PKCS#1: 1.2.840.113549.1.1.2 */ 192+ // static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2"); 193+ // /** PKCS#1: 1.2.840.113549.1.1.3 */ 194+ // static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3"); 195+ // END android-removed 196 /** PKCS#1: 1.2.840.113549.1.1.4 */ 197 static final ASN1ObjectIdentifier md5WithRSAEncryption = pkcs_1.branch("4"); 198 /** PKCS#1: 1.2.840.113549.1.1.5 */ 199@@ -96,15 +98,19 @@ 200 // md2 OBJECT IDENTIFIER ::= 201 // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2} 202 // 203- /** 1.2.840.113549.2.2 */ 204- static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2"); 205+ // BEGIN android-removed 206+ // /** 1.2.840.113549.2.2 */ 207+ // static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2"); 208+ // END android-removed 209 210 // 211 // md4 OBJECT IDENTIFIER ::= 212 // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4} 213 // 214- /** 1.2.840.113549.2.4 */ 215- static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4"); 216+ // BEGIN android-removed 217+ // /** 1.2.840.113549.2.4 */ 218+ // static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4"); 219+ // END android-removed 220 221 // 222 // md5 OBJECT IDENTIFIER ::= 223diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 224--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2015-03-01 12:03:02.000000000 +0000 225+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2014-07-28 19:51:54.000000000 +0000 226@@ -14,7 +14,9 @@ 227 import org.bouncycastle.asn1.DERSequence; 228 import org.bouncycastle.asn1.DERTaggedObject; 229 import org.bouncycastle.crypto.Digest; 230-import org.bouncycastle.crypto.digests.SHA1Digest; 231+// BEGIN android-changed 232+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 233+// END android-changed 234 235 /** 236 * The AuthorityKeyIdentifier object. 237@@ -106,7 +108,9 @@ 238 public AuthorityKeyIdentifier( 239 SubjectPublicKeyInfo spki) 240 { 241- Digest digest = new SHA1Digest(); 242+ // BEGIN android-changed 243+ Digest digest = AndroidDigestFactory.getSHA1(); 244+ // END android-changed 245 byte[] resBuf = new byte[digest.getDigestSize()]; 246 247 byte[] bytes = spki.getPublicKeyData().getBytes(); 248@@ -125,7 +129,9 @@ 249 GeneralNames name, 250 BigInteger serialNumber) 251 { 252- Digest digest = new SHA1Digest(); 253+ // BEGIN android-changed 254+ Digest digest = AndroidDigestFactory.getSHA1(); 255+ // END android-changed 256 byte[] resBuf = new byte[digest.getDigestSize()]; 257 258 byte[] bytes = spki.getPublicKeyData().getBytes(); 259diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509Name.java 260--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509Name.java 2015-03-01 12:03:02.000000000 +0000 261+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509Name.java 2013-12-12 00:35:05.000000000 +0000 262@@ -255,8 +255,10 @@ 263 */ 264 public static final Hashtable SymbolLookUp = DefaultLookUp; 265 266- private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility 267- private static final Boolean FALSE = new Boolean(false); 268+ // BEGIN android-changed 269+ private static final Boolean TRUE = Boolean.TRUE; 270+ private static final Boolean FALSE = Boolean.FALSE; 271+ // END android-changed 272 273 static 274 { 275@@ -446,7 +448,9 @@ 276 throw new IllegalArgumentException("cannot encode value"); 277 } 278 } 279- added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility 280+ // BEGIN android-changed 281+ added.addElement(Boolean.valueOf(i != 0)); 282+ // END android-changed 283 } 284 } 285 } 286diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509NameTokenizer.java 287--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2015-03-01 12:03:02.000000000 +0000 288+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-05-25 02:14:15.000000000 +0000 289@@ -78,6 +78,17 @@ 290 } 291 else 292 { 293+ // BEGIN android-added 294+ // copied from a newer version of BouncyCastle 295+ if (c == '#' && buf.charAt(buf.length() - 1) == '=') 296+ { 297+ buf.append('\\'); 298+ } 299+ else if (c == '+' && separator != '+') 300+ { 301+ buf.append('\\'); 302+ } 303+ // END android-added 304 buf.append(c); 305 } 306 } 307diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x9/ECNamedCurveTable.java bcprov-jdk15on-152/org/bouncycastle/asn1/x9/ECNamedCurveTable.java 308--- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x9/ECNamedCurveTable.java 2015-03-01 12:03:02.000000000 +0000 309+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x9/ECNamedCurveTable.java 2014-07-28 19:51:54.000000000 +0000 310@@ -6,7 +6,9 @@ 311 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 312 import org.bouncycastle.asn1.nist.NISTNamedCurves; 313 import org.bouncycastle.asn1.sec.SECNamedCurves; 314-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; 315+// BEGIN android-removed 316+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; 317+// END android-removed 318 319 /** 320 * A general class that reads all X9.62 style EC curve tables. 321@@ -30,10 +32,12 @@ 322 ecP = SECNamedCurves.getByName(name); 323 } 324 325- if (ecP == null) 326- { 327- ecP = TeleTrusTNamedCurves.getByName(name); 328- } 329+ // BEGIN android-removed 330+ // if (ecP == null) 331+ // { 332+ // ecP = TeleTrusTNamedCurves.getByName(name); 333+ // } 334+ // END android-removed 335 336 if (ecP == null) 337 { 338@@ -59,10 +63,12 @@ 339 oid = SECNamedCurves.getOID(name); 340 } 341 342- if (oid == null) 343- { 344- oid = TeleTrusTNamedCurves.getOID(name); 345- } 346+ // BEGIN android-removed 347+ // if (oid == null) 348+ // { 349+ // oid = TeleTrusTNamedCurves.getOID(name); 350+ // } 351+ // END android-removed 352 353 if (oid == null) 354 { 355@@ -89,10 +95,12 @@ 356 ecP = SECNamedCurves.getByOID(oid); 357 } 358 359- if (ecP == null) 360- { 361- ecP = TeleTrusTNamedCurves.getByOID(oid); 362- } 363+ // BEGIN android-removed 364+ // if (ecP == null) 365+ // { 366+ // ecP = TeleTrusTNamedCurves.getByOID(oid); 367+ // } 368+ // END android-removed 369 370 // NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup 371 372@@ -111,7 +119,9 @@ 373 addEnumeration(v, X962NamedCurves.getNames()); 374 addEnumeration(v, SECNamedCurves.getNames()); 375 addEnumeration(v, NISTNamedCurves.getNames()); 376- addEnumeration(v, TeleTrusTNamedCurves.getNames()); 377+ // BEGIN android-removed 378+ // addEnumeration(v, TeleTrusTNamedCurves.getNames()); 379+ // END android-removed 380 381 return v.elements(); 382 } 383diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java bcprov-jdk15on-152/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java 384--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java 2015-03-01 12:03:02.000000000 +0000 385+++ bcprov-jdk15on-152/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java 2015-07-07 18:14:00.000000000 +0000 386@@ -6,6 +6,9 @@ 387 import org.bouncycastle.crypto.CipherParameters; 388 import org.bouncycastle.crypto.params.ECPrivateKeyParameters; 389 import org.bouncycastle.crypto.params.ECPublicKeyParameters; 390+// BEGIN android-added 391+import org.bouncycastle.math.ec.ECCurve; 392+// END android-added 393 import org.bouncycastle.math.ec.ECPoint; 394 395 /** 396@@ -41,8 +44,23 @@ 397 public BigInteger calculateAgreement( 398 CipherParameters pubKey) 399 { 400- ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; 401- ECPoint P = pub.getQ().multiply(key.getD()).normalize(); 402+ // BEGIN android-changed 403+ ECPoint peerPoint = ((ECPublicKeyParameters) pubKey).getQ(); 404+ ECCurve myCurve = key.getParameters().getCurve(); 405+ if (peerPoint.isInfinity()) { 406+ throw new IllegalStateException("Infinity is not a valid public key for ECDH"); 407+ } 408+ try { 409+ myCurve.validatePoint(peerPoint.getXCoord().toBigInteger(), 410+ peerPoint.getYCoord().toBigInteger()); 411+ } catch (IllegalArgumentException ex) { 412+ throw new IllegalStateException("The peer public key must be on the curve for ECDH"); 413+ } 414+ // Explicitly construct a public key using the private key's curve. 415+ ECPoint pubPoint = myCurve.createPoint(peerPoint.getXCoord().toBigInteger(), 416+ peerPoint.getYCoord().toBigInteger()); 417+ ECPoint P = pubPoint.multiply(key.getD()).normalize(); 418+ // END android-changed 419 420 if (P.isInfinity()) 421 { 422diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 423--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 424+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-09-26 18:06:21.000000000 +0000 425@@ -0,0 +1,87 @@ 426+/* 427+ * Copyright (C) 2012 The Android Open Source Project 428+ * 429+ * Licensed under the Apache License, Version 2.0 (the "License"); 430+ * you may not use this file except in compliance with the License. 431+ * You may obtain a copy of the License at 432+ * 433+ * http://www.apache.org/licenses/LICENSE-2.0 434+ * 435+ * Unless required by applicable law or agreed to in writing, software 436+ * distributed under the License is distributed on an "AS IS" BASIS, 437+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 438+ * See the License for the specific language governing permissions and 439+ * limitations under the License. 440+ */ 441+ 442+package org.bouncycastle.crypto.digests; 443+ 444+import org.bouncycastle.crypto.Digest; 445+ 446+/** 447+ * Level of indirection to let us select OpenSSLDigest implementations 448+ * for libcore but fallback to BouncyCastle ones on the RI. 449+ */ 450+public final class AndroidDigestFactory { 451+ private static final String OpenSSLFactoryClassName 452+ = AndroidDigestFactory.class.getName() + "OpenSSL"; 453+ private static final String BouncyCastleFactoryClassName 454+ = AndroidDigestFactory.class.getName() + "BouncyCastle"; 455+ 456+ private static final AndroidDigestFactoryInterface FACTORY; 457+ static { 458+ Class factoryImplementationClass; 459+ try { 460+ factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); 461+ // Double check for NativeCrypto in case we are running on RI for testing 462+ Class.forName("com.android.org.conscrypt.NativeCrypto"); 463+ } catch (ClassNotFoundException e1) { 464+ try { 465+ factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); 466+ } catch (ClassNotFoundException e2) { 467+ AssertionError e = new AssertionError("Failed to load " 468+ + "AndroidDigestFactoryInterface " 469+ + "implementation. Looked for " 470+ + OpenSSLFactoryClassName + " and " 471+ + BouncyCastleFactoryClassName); 472+ e.initCause(e1); 473+ throw e; 474+ } 475+ } 476+ if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { 477+ throw new AssertionError(factoryImplementationClass 478+ + "does not implement AndroidDigestFactoryInterface"); 479+ } 480+ try { 481+ FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance(); 482+ } catch (InstantiationException e) { 483+ throw new AssertionError(e); 484+ } catch (IllegalAccessException e) { 485+ throw new AssertionError(e); 486+ } 487+ } 488+ 489+ public static Digest getMD5() { 490+ return FACTORY.getMD5(); 491+ } 492+ 493+ public static Digest getSHA1() { 494+ return FACTORY.getSHA1(); 495+ } 496+ 497+ public static Digest getSHA224() { 498+ return FACTORY.getSHA224(); 499+ } 500+ 501+ public static Digest getSHA256() { 502+ return FACTORY.getSHA256(); 503+ } 504+ 505+ public static Digest getSHA384() { 506+ return FACTORY.getSHA384(); 507+ } 508+ 509+ public static Digest getSHA512() { 510+ return FACTORY.getSHA512(); 511+ } 512+} 513diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 514--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 515+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2013-09-26 18:06:21.000000000 +0000 516@@ -0,0 +1,40 @@ 517+/* 518+ * Copyright (C) 2012 The Android Open Source Project 519+ * 520+ * Licensed under the Apache License, Version 2.0 (the "License"); 521+ * you may not use this file except in compliance with the License. 522+ * You may obtain a copy of the License at 523+ * 524+ * http://www.apache.org/licenses/LICENSE-2.0 525+ * 526+ * Unless required by applicable law or agreed to in writing, software 527+ * distributed under the License is distributed on an "AS IS" BASIS, 528+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 529+ * See the License for the specific language governing permissions and 530+ * limitations under the License. 531+ */ 532+ 533+package org.bouncycastle.crypto.digests; 534+ 535+import org.bouncycastle.crypto.Digest; 536+ 537+public class AndroidDigestFactoryBouncyCastle implements AndroidDigestFactoryInterface { 538+ public Digest getMD5() { 539+ return new MD5Digest(); 540+ } 541+ public Digest getSHA1() { 542+ return new SHA1Digest(); 543+ } 544+ public Digest getSHA224() { 545+ return new SHA224Digest(); 546+ } 547+ public Digest getSHA256() { 548+ return new SHA256Digest(); 549+ } 550+ public Digest getSHA384() { 551+ return new SHA384Digest(); 552+ } 553+ public Digest getSHA512() { 554+ return new SHA512Digest(); 555+ } 556+} 557diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 558--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 559+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2013-09-26 18:06:21.000000000 +0000 560@@ -0,0 +1,28 @@ 561+/* 562+ * Copyright (C) 2012 The Android Open Source Project 563+ * 564+ * Licensed under the Apache License, Version 2.0 (the "License"); 565+ * you may not use this file except in compliance with the License. 566+ * You may obtain a copy of the License at 567+ * 568+ * http://www.apache.org/licenses/LICENSE-2.0 569+ * 570+ * Unless required by applicable law or agreed to in writing, software 571+ * distributed under the License is distributed on an "AS IS" BASIS, 572+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 573+ * See the License for the specific language governing permissions and 574+ * limitations under the License. 575+ */ 576+ 577+package org.bouncycastle.crypto.digests; 578+ 579+import org.bouncycastle.crypto.Digest; 580+ 581+interface AndroidDigestFactoryInterface { 582+ public Digest getMD5(); 583+ public Digest getSHA1(); 584+ public Digest getSHA224(); 585+ public Digest getSHA256(); 586+ public Digest getSHA384(); 587+ public Digest getSHA512(); 588+} 589diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 590--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 591+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2013-09-26 18:06:21.000000000 +0000 592@@ -0,0 +1,40 @@ 593+/* 594+ * Copyright (C) 2012 The Android Open Source Project 595+ * 596+ * Licensed under the Apache License, Version 2.0 (the "License"); 597+ * you may not use this file except in compliance with the License. 598+ * You may obtain a copy of the License at 599+ * 600+ * http://www.apache.org/licenses/LICENSE-2.0 601+ * 602+ * Unless required by applicable law or agreed to in writing, software 603+ * distributed under the License is distributed on an "AS IS" BASIS, 604+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 605+ * See the License for the specific language governing permissions and 606+ * limitations under the License. 607+ */ 608+ 609+package org.bouncycastle.crypto.digests; 610+ 611+import org.bouncycastle.crypto.Digest; 612+ 613+public class AndroidDigestFactoryOpenSSL implements AndroidDigestFactoryInterface { 614+ public Digest getMD5() { 615+ return new OpenSSLDigest.MD5(); 616+ } 617+ public Digest getSHA1() { 618+ return new OpenSSLDigest.SHA1(); 619+ } 620+ public Digest getSHA224() { 621+ return new OpenSSLDigest.SHA224(); 622+ } 623+ public Digest getSHA256() { 624+ return new OpenSSLDigest.SHA256(); 625+ } 626+ public Digest getSHA384() { 627+ return new OpenSSLDigest.SHA384(); 628+ } 629+ public Digest getSHA512() { 630+ return new OpenSSLDigest.SHA512(); 631+ } 632+} 633diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/OpenSSLDigest.java 634--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 635+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2014-02-27 18:09:19.000000000 +0000 636@@ -0,0 +1,97 @@ 637+/* 638+ * Copyright (C) 2008 The Android Open Source Project 639+ * 640+ * Licensed under the Apache License, Version 2.0 (the "License"); 641+ * you may not use this file except in compliance with the License. 642+ * You may obtain a copy of the License at 643+ * 644+ * http://www.apache.org/licenses/LICENSE-2.0 645+ * 646+ * Unless required by applicable law or agreed to in writing, software 647+ * distributed under the License is distributed on an "AS IS" BASIS, 648+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 649+ * See the License for the specific language governing permissions and 650+ * limitations under the License. 651+ */ 652+ 653+package org.bouncycastle.crypto.digests; 654+ 655+import org.bouncycastle.crypto.ExtendedDigest; 656+import org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi; 657+import java.security.DigestException; 658+import java.security.MessageDigest; 659+ 660+/** 661+ * Implements the BouncyCastle Digest interface using OpenSSL's EVP API. This 662+ * must be an ExtendedDigest for {@link BcKeyStoreSpi} to be able to use it. 663+ */ 664+public class OpenSSLDigest implements ExtendedDigest { 665+ private final MessageDigest delegate; 666+ 667+ private final int byteSize; 668+ 669+ public OpenSSLDigest(String algorithm, int byteSize) { 670+ try { 671+ delegate = MessageDigest.getInstance(algorithm, "AndroidOpenSSL"); 672+ this.byteSize = byteSize; 673+ } catch (Exception e) { 674+ throw new RuntimeException(e); 675+ } 676+ } 677+ 678+ public String getAlgorithmName() { 679+ return delegate.getAlgorithm(); 680+ } 681+ 682+ public int getDigestSize() { 683+ return delegate.getDigestLength(); 684+ } 685+ 686+ public int getByteLength() { 687+ return byteSize; 688+ } 689+ 690+ public void reset() { 691+ delegate.reset(); 692+ } 693+ 694+ public void update(byte in) { 695+ delegate.update(in); 696+ } 697+ 698+ public void update(byte[] in, int inOff, int len) { 699+ delegate.update(in, inOff, len); 700+ } 701+ 702+ public int doFinal(byte[] out, int outOff) { 703+ try { 704+ return delegate.digest(out, outOff, out.length - outOff); 705+ } catch (DigestException e) { 706+ throw new RuntimeException(e); 707+ } 708+ } 709+ 710+ public static class MD5 extends OpenSSLDigest { 711+ public MD5() { super("MD5", 64); } 712+ } 713+ 714+ public static class SHA1 extends OpenSSLDigest { 715+ public SHA1() { super("SHA-1", 64); } 716+ } 717+ 718+ public static class SHA224 extends OpenSSLDigest { 719+ public SHA224() { super("SHA-224", 64); } 720+ } 721+ 722+ public static class SHA256 extends OpenSSLDigest { 723+ public SHA256() { super("SHA-256", 64); } 724+ } 725+ 726+ public static class SHA384 extends OpenSSLDigest { 727+ public SHA384() { super("SHA-384", 128); } 728+ } 729+ 730+ public static class SHA512 extends OpenSSLDigest { 731+ public SHA512() { super("SHA-512", 128); } 732+ } 733+} 734diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/ec/CustomNamedCurves.java bcprov-jdk15on-152/org/bouncycastle/crypto/ec/CustomNamedCurves.java 735--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/ec/CustomNamedCurves.java 2015-03-01 12:03:02.000000000 +0000 736+++ bcprov-jdk15on-152/org/bouncycastle/crypto/ec/CustomNamedCurves.java 2014-07-28 19:51:54.000000000 +0000 737@@ -10,7 +10,9 @@ 738 import org.bouncycastle.asn1.x9.X9ECParametersHolder; 739 import org.bouncycastle.math.ec.ECCurve; 740 import org.bouncycastle.math.ec.ECPoint; 741-import org.bouncycastle.math.ec.custom.djb.Curve25519; 742+// BEGIN android-removed 743+// import org.bouncycastle.math.ec.custom.djb.Curve25519; 744+// END android-removed 745 import org.bouncycastle.math.ec.custom.sec.SecP192K1Curve; 746 import org.bouncycastle.math.ec.custom.sec.SecP192R1Curve; 747 import org.bouncycastle.math.ec.custom.sec.SecP224K1Curve; 748@@ -36,32 +38,34 @@ 749 return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create(); 750 } 751 752- /* 753- * curve25519 754- */ 755- static X9ECParametersHolder curve25519 = new X9ECParametersHolder() 756- { 757- protected X9ECParameters createParameters() 758- { 759- byte[] S = null; 760- ECCurve curve = configureCurve(new Curve25519()); 761- 762- /* 763- * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form 764- * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3). 765- * 766- * The Curve25519 paper doesn't say which of the two possible y values the base 767- * point has. The choice here is guided by language in the Ed25519 paper. 768- * 769- * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 770- */ 771- ECPoint G = curve.decodePoint(Hex.decode("04" 772- + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A" 773- + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9")); 774- 775- return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S); 776- } 777- }; 778+ // BEGIN android-removed 779+ // /* 780+ // * curve25519 781+ // */ 782+ // static X9ECParametersHolder curve25519 = new X9ECParametersHolder() 783+ // { 784+ // protected X9ECParameters createParameters() 785+ // { 786+ // byte[] S = null; 787+ // ECCurve curve = configureCurve(new Curve25519()); 788+ // 789+ // /* 790+ // * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form 791+ // * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3). 792+ // * 793+ // * The Curve25519 paper doesn't say which of the two possible y values the base 794+ // * point has. The choice here is guided by language in the Ed25519 paper. 795+ // * 796+ // * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 797+ // */ 798+ // ECPoint G = curve.decodePoint(Hex.decode("04" 799+ // + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A" 800+ // + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9")); 801+ // 802+ // return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S); 803+ // } 804+ // }; 805+ // END android-removed 806 807 /* 808 * secp192k1 809@@ -254,7 +258,9 @@ 810 811 static 812 { 813- defineCurve("curve25519", curve25519); 814+ // BEGIN android-removed 815+ // defineCurve("curve25519", curve25519); 816+ // END android-removed 817 818 defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1); 819 defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1); 820diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/OAEPEncoding.java 821--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2015-03-01 12:03:02.000000000 +0000 822+++ bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-05-25 02:14:15.000000000 +0000 823@@ -6,7 +6,9 @@ 824 import org.bouncycastle.crypto.CipherParameters; 825 import org.bouncycastle.crypto.Digest; 826 import org.bouncycastle.crypto.InvalidCipherTextException; 827-import org.bouncycastle.crypto.digests.SHA1Digest; 828+// BEGIN android-changed 829+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 830+// END android-changed 831 import org.bouncycastle.crypto.params.ParametersWithRandom; 832 833 /** 834@@ -25,7 +27,9 @@ 835 public OAEPEncoding( 836 AsymmetricBlockCipher cipher) 837 { 838- this(cipher, new SHA1Digest(), null); 839+ // BEGIN android-changed 840+ this(cipher, AndroidDigestFactory.getSHA1(), null); 841+ // END android-changed 842 } 843 844 public OAEPEncoding( 845diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 846--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2015-03-01 12:03:02.000000000 +0000 847+++ bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2015-04-09 13:10:16.000000000 +0000 848@@ -378,6 +378,12 @@ 849 throw new InvalidCipherTextException("unknown block type"); 850 } 851 } 852+ // BEGIN android-added 853+ if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey)) 854+ { 855+ throw new InvalidCipherTextException("invalid block type " + type); 856+ } 857+ // END android-added 858 859 if (useStrictLength && block.length != engine.getOutputBlockSize()) 860 { 861diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-152/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 862--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2015-03-01 12:03:02.000000000 +0000 863+++ bcprov-jdk15on-152/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2014-07-28 19:51:54.000000000 +0000 864@@ -6,7 +6,9 @@ 865 import org.bouncycastle.crypto.Digest; 866 import org.bouncycastle.crypto.InvalidCipherTextException; 867 import org.bouncycastle.crypto.Wrapper; 868-import org.bouncycastle.crypto.digests.SHA1Digest; 869+// BEGIN android-changed 870+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 871+// END android-changed 872 import org.bouncycastle.crypto.modes.CBCBlockCipher; 873 import org.bouncycastle.crypto.params.KeyParameter; 874 import org.bouncycastle.crypto.params.ParametersWithIV; 875@@ -52,7 +54,9 @@ 876 // 877 // checksum digest 878 // 879- Digest sha1 = new SHA1Digest(); 880+ // BEGIN android-changed 881+ Digest sha1 = AndroidDigestFactory.getSHA1(); 882+ // END android-changed 883 byte[] digest = new byte[20]; 884 885 /** 886diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DHParametersHelper.java 887--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2015-03-01 12:03:02.000000000 +0000 888+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DHParametersHelper.java 2014-07-28 19:51:54.000000000 +0000 889@@ -3,11 +3,18 @@ 890 import java.math.BigInteger; 891 import java.security.SecureRandom; 892 893+// BEGIN android-added 894+import java.util.logging.Logger; 895+// END android-added 896 import org.bouncycastle.math.ec.WNafUtil; 897 import org.bouncycastle.util.BigIntegers; 898 899 class DHParametersHelper 900 { 901+ // BEGIN android-added 902+ private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName()); 903+ // END android-added 904+ 905 private static final BigInteger ONE = BigInteger.valueOf(1); 906 private static final BigInteger TWO = BigInteger.valueOf(2); 907 908@@ -18,12 +25,20 @@ 909 */ 910 static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random) 911 { 912+ // BEGIN android-added 913+ logger.info("Generating safe primes. This may take a long time."); 914+ long start = System.currentTimeMillis(); 915+ int tries = 0; 916+ // END android-added 917 BigInteger p, q; 918 int qLength = size - 1; 919 int minWeight = size >>> 2; 920 921 for (;;) 922 { 923+ // BEGIN android-added 924+ tries++; 925+ // END android-added 926 q = new BigInteger(qLength, 2, random); 927 928 // p <- 2q + 1 929@@ -52,6 +67,11 @@ 930 931 break; 932 } 933+ // BEGIN android-added 934+ long end = System.currentTimeMillis(); 935+ long duration = end - start; 936+ logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms"); 937+ // END android-added 938 939 return new BigInteger[] { p, q }; 940 } 941diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 942--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2015-03-01 12:03:02.000000000 +0000 943+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2014-07-28 19:51:54.000000000 +0000 944@@ -4,7 +4,9 @@ 945 import java.security.SecureRandom; 946 947 import org.bouncycastle.crypto.Digest; 948-import org.bouncycastle.crypto.digests.SHA1Digest; 949+// BEGIN android-changed 950+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 951+// END android-changed 952 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; 953 import org.bouncycastle.crypto.params.DSAParameters; 954 import org.bouncycastle.crypto.params.DSAValidationParameters; 955@@ -31,7 +33,9 @@ 956 957 public DSAParametersGenerator() 958 { 959- this(new SHA1Digest()); 960+ // BEGIN android-changed 961+ this(AndroidDigestFactory.getSHA1()); 962+ // END android-changed 963 } 964 965 public DSAParametersGenerator(Digest digest) 966@@ -122,7 +126,9 @@ 967 int n = (L - 1) / 160; 968 byte[] w = new byte[L / 8]; 969 970- if (!(digest instanceof SHA1Digest)) 971+ // BEGIN android-changed 972+ if (!(digest.getAlgorithmName().equals("SHA-1"))) 973+ // END android-changed 974 { 975 throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); 976 } 977diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 978--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2015-03-01 12:03:02.000000000 +0000 979+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 980@@ -3,7 +3,9 @@ 981 import org.bouncycastle.crypto.CipherParameters; 982 import org.bouncycastle.crypto.Digest; 983 import org.bouncycastle.crypto.PBEParametersGenerator; 984-import org.bouncycastle.crypto.digests.MD5Digest; 985+// BEGIN android-changed 986+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 987+// END android-changed 988 import org.bouncycastle.crypto.params.KeyParameter; 989 import org.bouncycastle.crypto.params.ParametersWithIV; 990 991@@ -17,7 +19,9 @@ 992 public class OpenSSLPBEParametersGenerator 993 extends PBEParametersGenerator 994 { 995- private Digest digest = new MD5Digest(); 996+ // BEGIN android-changed 997+ private Digest digest = AndroidDigestFactory.getMD5(); 998+ // END android-changed 999 1000 /** 1001 * Construct a OpenSSL Parameters generator. 1002diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 1003--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2015-03-01 12:03:02.000000000 +0000 1004+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-12-12 00:35:05.000000000 +0000 1005@@ -4,7 +4,9 @@ 1006 import org.bouncycastle.crypto.Digest; 1007 import org.bouncycastle.crypto.Mac; 1008 import org.bouncycastle.crypto.PBEParametersGenerator; 1009-import org.bouncycastle.crypto.digests.SHA1Digest; 1010+// BEGIN android-changed 1011+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 1012+// END android-changed 1013 import org.bouncycastle.crypto.macs.HMac; 1014 import org.bouncycastle.crypto.params.KeyParameter; 1015 import org.bouncycastle.crypto.params.ParametersWithIV; 1016@@ -28,7 +30,9 @@ 1017 */ 1018 public PKCS5S2ParametersGenerator() 1019 { 1020- this(new SHA1Digest()); 1021+ // BEGIN android-changed 1022+ this(AndroidDigestFactory.getSHA1()); 1023+ // END android-changed 1024 } 1025 1026 public PKCS5S2ParametersGenerator(Digest digest) 1027diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-152/org/bouncycastle/crypto/macs/HMac.java 1028--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/macs/HMac.java 2015-03-01 12:03:02.000000000 +0000 1029+++ bcprov-jdk15on-152/org/bouncycastle/crypto/macs/HMac.java 2013-09-26 18:06:21.000000000 +0000 1030@@ -36,14 +36,18 @@ 1031 { 1032 blockLengths = new Hashtable(); 1033 1034- blockLengths.put("GOST3411", Integers.valueOf(32)); 1035- 1036- blockLengths.put("MD2", Integers.valueOf(16)); 1037- blockLengths.put("MD4", Integers.valueOf(64)); 1038+ // BEGIN android-removed 1039+ // blockLengths.put("GOST3411", Integers.valueOf(32)); 1040+ // 1041+ // blockLengths.put("MD2", Integers.valueOf(16)); 1042+ // blockLengths.put("MD4", Integers.valueOf(64)); 1043+ // END android-removed 1044 blockLengths.put("MD5", Integers.valueOf(64)); 1045 1046- blockLengths.put("RIPEMD128", Integers.valueOf(64)); 1047- blockLengths.put("RIPEMD160", Integers.valueOf(64)); 1048+ // BEGIN android-removed 1049+ // blockLengths.put("RIPEMD128", Integers.valueOf(64)); 1050+ // blockLengths.put("RIPEMD160", Integers.valueOf(64)); 1051+ // END android-removed 1052 1053 blockLengths.put("SHA-1", Integers.valueOf(64)); 1054 blockLengths.put("SHA-224", Integers.valueOf(64)); 1055@@ -51,8 +55,10 @@ 1056 blockLengths.put("SHA-384", Integers.valueOf(128)); 1057 blockLengths.put("SHA-512", Integers.valueOf(128)); 1058 1059- blockLengths.put("Tiger", Integers.valueOf(64)); 1060- blockLengths.put("Whirlpool", Integers.valueOf(64)); 1061+ // BEGIN android-removed 1062+ // blockLengths.put("Tiger", Integers.valueOf(64)); 1063+ // blockLengths.put("Whirlpool", Integers.valueOf(64)); 1064+ // END android-removed 1065 } 1066 1067 private static int getByteLength( 1068diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/modes/GCMBlockCipher.java bcprov-jdk15on-152/org/bouncycastle/crypto/modes/GCMBlockCipher.java 1069--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/modes/GCMBlockCipher.java 2015-03-01 12:03:02.000000000 +0000 1070+++ bcprov-jdk15on-152/org/bouncycastle/crypto/modes/GCMBlockCipher.java 2015-11-12 22:10:47.000000000 +0000 1071@@ -24,6 +24,11 @@ 1072 implements AEADBlockCipher 1073 { 1074 private static final int BLOCK_SIZE = 16; 1075+ // BEGIN android-added 1076+ // 2^36-32 : limitation imposed by NIST GCM as otherwise the counter is wrapped and it can leak 1077+ // plaintext and authentication key 1078+ private static final long MAX_INPUT_SIZE = 68719476704L; 1079+ // END android-added 1080 1081 // not final due to a compiler bug 1082 private BlockCipher cipher; 1083@@ -202,6 +207,14 @@ 1084 return totalData < macSize ? 0 : totalData - macSize; 1085 } 1086 1087+ // BEGIN android-added 1088+ /** Helper used to ensure that {@link #MAX_INPUT_SIZE} is not exceeded. */ 1089+ private long getTotalInputSizeAfterNewInput(int newInputLen) 1090+ { 1091+ return totalLength + newInputLen + bufOff; 1092+ } 1093+ // END android-added 1094+ 1095 public int getUpdateOutputSize(int len) 1096 { 1097 int totalData = len + bufOff; 1098@@ -218,6 +231,11 @@ 1099 1100 public void processAADByte(byte in) 1101 { 1102+ // BEGIN android-added 1103+ if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) { 1104+ throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes"); 1105+ } 1106+ // END android-added 1107 atBlock[atBlockPos] = in; 1108 if (++atBlockPos == BLOCK_SIZE) 1109 { 1110@@ -230,6 +248,11 @@ 1111 1112 public void processAADBytes(byte[] in, int inOff, int len) 1113 { 1114+ // BEGIN android-added 1115+ if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) { 1116+ throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes"); 1117+ } 1118+ // END android-added 1119 for (int i = 0; i < len; ++i) 1120 { 1121 atBlock[atBlockPos] = in[inOff + i]; 1122@@ -267,6 +290,11 @@ 1123 public int processByte(byte in, byte[] out, int outOff) 1124 throws DataLengthException 1125 { 1126+ // BEGIN android-added 1127+ if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) { 1128+ throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes"); 1129+ } 1130+ // END android-added 1131 bufBlock[bufOff] = in; 1132 if (++bufOff == bufBlock.length) 1133 { 1134@@ -279,6 +307,11 @@ 1135 public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) 1136 throws DataLengthException 1137 { 1138+ // BEGIN android-added 1139+ if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) { 1140+ throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes"); 1141+ } 1142+ // END android-added 1143 if (in.length < (inOff + len)) 1144 { 1145 throw new DataLengthException("Input buffer too short"); 1146diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-152/org/bouncycastle/crypto/signers/RSADigestSigner.java 1147--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2015-03-01 12:03:02.000000000 +0000 1148+++ bcprov-jdk15on-152/org/bouncycastle/crypto/signers/RSADigestSigner.java 2015-04-09 13:10:16.000000000 +0000 1149@@ -39,9 +39,11 @@ 1150 */ 1151 static 1152 { 1153- oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); 1154- oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); 1155- oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); 1156+ // BEGIN android-removed 1157+ // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); 1158+ // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); 1159+ // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); 1160+ // END android-removed 1161 1162 oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1); 1163 oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); 1164@@ -51,8 +53,10 @@ 1165 oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224); 1166 oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256); 1167 1168- oidMap.put("MD2", PKCSObjectIdentifiers.md2); 1169- oidMap.put("MD4", PKCSObjectIdentifiers.md4); 1170+ // BEGIN android-removed 1171+ // oidMap.put("MD2", PKCSObjectIdentifiers.md2); 1172+ // oidMap.put("MD4", PKCSObjectIdentifiers.md4); 1173+ // END android-removed 1174 oidMap.put("MD5", PKCSObjectIdentifiers.md5); 1175 } 1176 1177diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/util/PrivateKeyFactory.java 1178--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2015-03-01 12:03:02.000000000 +0000 1179+++ bcprov-jdk15on-152/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2014-07-28 19:51:54.000000000 +0000 1180@@ -9,7 +9,9 @@ 1181 import org.bouncycastle.asn1.ASN1Integer; 1182 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 1183 import org.bouncycastle.asn1.ASN1Primitive; 1184-import org.bouncycastle.asn1.oiw.ElGamalParameter; 1185+// BEGIN android-removed 1186+// import org.bouncycastle.asn1.oiw.ElGamalParameter; 1187+// END android-removed 1188 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 1189 import org.bouncycastle.asn1.pkcs.DHParameter; 1190 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 1191@@ -31,8 +33,10 @@ 1192 import org.bouncycastle.crypto.params.ECDomainParameters; 1193 import org.bouncycastle.crypto.params.ECNamedDomainParameters; 1194 import org.bouncycastle.crypto.params.ECPrivateKeyParameters; 1195-import org.bouncycastle.crypto.params.ElGamalParameters; 1196-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; 1197+// BEGIN android-removed 1198+// import org.bouncycastle.crypto.params.ElGamalParameters; 1199+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; 1200+// END android-removed 1201 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; 1202 1203 /** 1204@@ -98,14 +102,16 @@ 1205 1206 return new DHPrivateKeyParameters(derX.getValue(), dhParams); 1207 } 1208- else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) 1209- { 1210- ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters()); 1211- ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey(); 1212- 1213- return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( 1214- params.getP(), params.getG())); 1215- } 1216+ // BEGIN android-removed 1217+ // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) 1218+ // { 1219+ // ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters()); 1220+ // ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey(); 1221+ // 1222+ // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( 1223+ // params.getP(), params.getG())); 1224+ // } 1225+ // END android-removed 1226 else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) 1227 { 1228 ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey(); 1229diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/util/PublicKeyFactory.java 1230--- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2015-03-01 12:03:02.000000000 +0000 1231+++ bcprov-jdk15on-152/org/bouncycastle/crypto/util/PublicKeyFactory.java 2014-07-28 19:51:54.000000000 +0000 1232@@ -11,7 +11,9 @@ 1233 import org.bouncycastle.asn1.ASN1OctetString; 1234 import org.bouncycastle.asn1.ASN1Primitive; 1235 import org.bouncycastle.asn1.DEROctetString; 1236-import org.bouncycastle.asn1.oiw.ElGamalParameter; 1237+// BEGIN android-removed 1238+// import org.bouncycastle.asn1.oiw.ElGamalParameter; 1239+// END android-removed 1240 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 1241 import org.bouncycastle.asn1.pkcs.DHParameter; 1242 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 1243@@ -38,8 +40,10 @@ 1244 import org.bouncycastle.crypto.params.ECDomainParameters; 1245 import org.bouncycastle.crypto.params.ECNamedDomainParameters; 1246 import org.bouncycastle.crypto.params.ECPublicKeyParameters; 1247-import org.bouncycastle.crypto.params.ElGamalParameters; 1248-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; 1249+// BEGIN android-removed 1250+// import org.bouncycastle.crypto.params.ElGamalParameters; 1251+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; 1252+// END android-removed 1253 import org.bouncycastle.crypto.params.RSAKeyParameters; 1254 1255 /** 1256@@ -133,14 +137,16 @@ 1257 1258 return new DHPublicKeyParameters(derY.getValue(), dhParams); 1259 } 1260- else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) 1261- { 1262- ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters()); 1263- ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey(); 1264- 1265- return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( 1266- params.getP(), params.getG())); 1267- } 1268+ // BEGIN android-removed 1269+ // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) 1270+ // { 1271+ // ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters()); 1272+ // ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey(); 1273+ // 1274+ // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( 1275+ // params.getP(), params.getG())); 1276+ // } 1277+ // END android-removed 1278 else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa) 1279 || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1)) 1280 { 1281diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DH.java 1282--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2015-03-01 12:03:02.000000000 +0000 1283+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2014-07-28 19:51:54.000000000 +0000 1284@@ -35,10 +35,12 @@ 1285 1286 provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); 1287 1288- provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES"); 1289- provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); 1290- provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); 1291- provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); 1292+ // BEGIN android-removed 1293+ // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES"); 1294+ // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); 1295+ // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); 1296+ // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); 1297+ // END android-removed 1298 1299 registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi()); 1300 registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi()); 1301diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 1302--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-03-01 12:03:02.000000000 +0000 1303+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2015-06-01 19:10:55.000000000 +0000 1304@@ -27,40 +27,55 @@ 1305 provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); 1306 provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); 1307 1308- provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA"); 1309+ // BEGIN android-changed 1310+ provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA"); 1311+ // END android-changed 1312 provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA"); 1313 1314 provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); 1315 1316- provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA"); 1317- provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA"); 1318- provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224"); 1319- provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256"); 1320- provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384"); 1321- provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512"); 1322+ // BEGIN android-removed 1323+ // provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA"); 1324+ // provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA"); 1325+ // provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224"); 1326+ // provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256"); 1327+ // provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384"); 1328+ // provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512"); 1329+ // END android-removed 1330 1331 addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); 1332 addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); 1333- addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); 1334- addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); 1335- 1336- provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); 1337- provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); 1338- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); 1339- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); 1340- provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); 1341- provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); 1342- provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); 1343- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); 1344- provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); 1345- 1346- provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); 1347+ // BEGIN android-removed 1348+ // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); 1349+ // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); 1350+ // END android-removed 1351+ 1352+ // BEGIN android-added 1353+ provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA"); 1354+ // END android-added 1355+ // BEGIN android-changed 1356+ provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); 1357+ provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "SHA1withDSA"); 1358+ provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); 1359+ provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); 1360+ provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); 1361+ provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); 1362+ provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); 1363+ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); 1364+ provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); 1365+ // END android-changed 1366+ 1367+ // BEGIN android-removed 1368+ // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); 1369+ // END android-removed 1370 1371 AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); 1372 1373 for (int i = 0; i != DSAUtil.dsaOids.length; i++) 1374 { 1375- provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA"); 1376+ // BEGIN android-changed 1377+ provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA"); 1378+ // END android-changed 1379 1380 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); 1381 registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); 1382diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/EC.java 1383--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2015-03-01 12:03:02.000000000 +0000 1384+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2015-04-09 13:10:16.000000000 +0000 1385@@ -1,8 +1,10 @@ 1386 package org.bouncycastle.jcajce.provider.asymmetric; 1387 1388-import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; 1389-import org.bouncycastle.asn1.eac.EACObjectIdentifiers; 1390-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 1391+// BEGIN android-removed 1392+// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; 1393+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; 1394+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 1395+// END android-removed 1396 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 1397 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi; 1398 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 1399@@ -22,45 +24,59 @@ 1400 public void configure(ConfigurableProvider provider) 1401 { 1402 provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); 1403- provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); 1404- provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); 1405- provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); 1406- provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); 1407- provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); 1408+ // BEGIN android-removed 1409+ // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); 1410+ // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); 1411+ // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); 1412+ // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); 1413+ // provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); 1414+ // END android-removed 1415 1416 registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC()); 1417 // TODO Should this be an alias for ECDH? 1418 registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC()); 1419- registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); 1420- 1421- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); 1422+ // BEGIN android-removed 1423+ // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); 1424+ // 1425+ // // Android comment: the registration below is causing CTS tests to fail and doesn't seem 1426+ // // to be implemented by bouncycastle (so looks like an bug in bouncycastle). 1427+ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); 1428+ // END android-removed 1429 // TODO Should this be an alias for ECDH? 1430- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); 1431- registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); 1432+ // BEGIN android-removed 1433+ // // Android comment: the registration below is causing CTS tests to fail and doesn't seem 1434+ // // to be implemented by bouncycastle (so looks like an bug in bouncycastle). 1435+ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); 1436+ // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); 1437+ // END android-removed 1438 1439 provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC"); 1440- provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); 1441- provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); 1442- provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); 1443- provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); 1444+ // BEGIN android-removed 1445+ // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); 1446+ // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); 1447+ // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); 1448+ // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); 1449+ // END android-removed 1450 1451 provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC"); 1452- provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); 1453- provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1454- provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1455- provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); 1456- provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1457- provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); 1458- 1459- provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES"); 1460- provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES"); 1461- provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES"); 1462- provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); 1463- provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); 1464- provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); 1465- provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); 1466- provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); 1467- provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); 1468+ // BEGIN android-removed 1469+ // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); 1470+ // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1471+ // provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1472+ // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); 1473+ // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); 1474+ // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); 1475+ // 1476+ // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES"); 1477+ // provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES"); 1478+ // provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES"); 1479+ // provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); 1480+ // provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); 1481+ // provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); 1482+ // provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); 1483+ // provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); 1484+ // provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); 1485+ // END android-removed 1486 1487 provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); 1488 provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); 1489@@ -72,39 +88,43 @@ 1490 provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); 1491 provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); 1492 provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); 1493- provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); 1494- 1495- provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); 1496- provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); 1497- provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224"); 1498- provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256"); 1499- provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384"); 1500- provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512"); 1501+ // BEGIN android-removed 1502+ // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); 1503+ // 1504+ // provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); 1505+ // provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); 1506+ // provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224"); 1507+ // provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256"); 1508+ // provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384"); 1509+ // provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512"); 1510+ // END android-removed 1511 1512 addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); 1513 addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); 1514 addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); 1515 addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); 1516- addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); 1517- 1518- provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); 1519- provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); 1520- provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); 1521- provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); 1522- provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); 1523- 1524- addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); 1525- addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); 1526- addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); 1527- addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); 1528- addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); 1529- 1530- addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1); 1531- addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224); 1532- addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256); 1533- addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384); 1534- addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512); 1535- addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160); 1536+ // BEGIN android-removed 1537+ // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); 1538+ // 1539+ // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); 1540+ // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); 1541+ // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); 1542+ // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); 1543+ // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); 1544+ // 1545+ // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); 1546+ // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); 1547+ // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); 1548+ // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); 1549+ // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); 1550+ // 1551+ // addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1); 1552+ // addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224); 1553+ // addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256); 1554+ // addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384); 1555+ // addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512); 1556+ // addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160); 1557+ // END android-removed 1558 } 1559 } 1560 } 1561diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 1562--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2015-03-01 12:03:02.000000000 +0000 1563+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2015-04-09 13:10:16.000000000 +0000 1564@@ -3,7 +3,9 @@ 1565 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 1566 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 1567 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 1568-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 1569+// BEGIN android-removed 1570+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 1571+// END android-removed 1572 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; 1573 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; 1574 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 1575@@ -26,39 +28,47 @@ 1576 provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); 1577 provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); 1578 1579- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); 1580- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); 1581- 1582- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); 1583- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); 1584- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); 1585- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); 1586- 1587- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); 1588- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); 1589- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); 1590- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); 1591- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); 1592- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); 1593- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); 1594- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); 1595+ // BEGIN android-removed 1596+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); 1597+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); 1598+ // 1599+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); 1600+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); 1601+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); 1602+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); 1603+ // 1604+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); 1605+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); 1606+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); 1607+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); 1608+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); 1609+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); 1610+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); 1611+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); 1612+ // END android-removed 1613 1614 provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); 1615- provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding"); 1616- provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1617- provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1618- provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1619- provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); 1620- provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); 1621- provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); 1622- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); 1623- provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); 1624+ // BEGIN android-changed 1625+ provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA"); 1626+ // END android-changed 1627+ // BEGIN android-removed 1628+ // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1629+ // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1630+ // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 1631+ // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); 1632+ // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); 1633+ // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); 1634+ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); 1635+ // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); 1636+ // END android-removed 1637 1638 provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); 1639 provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); 1640- provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); 1641- provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); 1642- provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); 1643+ // BEGIN android-removed 1644+ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); 1645+ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); 1646+ // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); 1647+ // END android-removed 1648 1649 provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); 1650 provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); 1651@@ -68,79 +78,89 @@ 1652 registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); 1653 registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); 1654 registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); 1655- registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); 1656- 1657- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); 1658- registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); 1659- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); 1660- registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); 1661- 1662- 1663- provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1664- provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1665- provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1666- 1667- provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA"); 1668- provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA"); 1669- provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA"); 1670- provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA"); 1671- provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); 1672- provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); 1673- provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); 1674- provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); 1675- 1676- provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); 1677- provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); 1678- 1679- provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); 1680- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); 1681- provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); 1682- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); 1683- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); 1684- provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); 1685- provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); 1686- 1687- 1688- provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); 1689- provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); 1690- provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); 1691- provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); 1692- 1693- if (provider.hasAlgorithm("MessageDigest", "MD2")) 1694- { 1695- addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); 1696- } 1697- 1698- if (provider.hasAlgorithm("MessageDigest", "MD4")) 1699- { 1700- addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); 1701- } 1702+ // BEGIN android-removed 1703+ // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); 1704+ // 1705+ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); 1706+ // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); 1707+ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); 1708+ // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); 1709+ // 1710+ // 1711+ // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1712+ // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1713+ // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 1714+ // 1715+ // provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA"); 1716+ // provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA"); 1717+ // provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA"); 1718+ // provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA"); 1719+ // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); 1720+ // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); 1721+ // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); 1722+ // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); 1723+ // 1724+ // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); 1725+ // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); 1726+ // 1727+ // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); 1728+ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); 1729+ // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); 1730+ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); 1731+ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); 1732+ // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); 1733+ // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); 1734+ // 1735+ // 1736+ // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); 1737+ // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); 1738+ // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); 1739+ // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); 1740+ // 1741+ // if (provider.hasAlgorithm("MessageDigest", "MD2")) 1742+ // { 1743+ // addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); 1744+ // } 1745+ // 1746+ // if (provider.hasAlgorithm("MessageDigest", "MD4")) 1747+ // { 1748+ // addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); 1749+ // } 1750+ // END android-removed 1751 1752 if (provider.hasAlgorithm("MessageDigest", "MD5")) 1753 { 1754 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); 1755- provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); 1756- provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); 1757+ // END android-removed 1758+ // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); 1759+ // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); 1760+ // END android-removed 1761 } 1762 1763 if (provider.hasAlgorithm("MessageDigest", "SHA1")) 1764 { 1765- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); 1766- provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); 1767- provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); 1768- provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); 1769- provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); 1770+ // BEGIN android-removed 1771+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); 1772+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); 1773+ // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); 1774+ // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); 1775+ // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); 1776+ // END android-removed 1777 1778 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); 1779 1780- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); 1781- provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); 1782+ // BEGIN android-removed 1783+ // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); 1784+ // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); 1785+ // END android-removed 1786 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); 1787 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); 1788 1789- provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSA/X9.31", "SHA1WITHRSA/X9.31"); 1790- provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/X9.31", "SHA1WITHRSA/X9.31"); 1791- provider.addAlgorithm("Signature.SHA1WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption"); 1792+ // BEGIN android-removed 1793+ // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSA/X9.31", "SHA1WITHRSA/X9.31"); 1794+ // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/X9.31", "SHA1WITHRSA/X9.31"); 1795+ // provider.addAlgorithm("Signature.SHA1WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption"); 1796+ // END android-removed 1797 } 1798 1799 addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); 1800@@ -148,52 +168,54 @@ 1801 addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); 1802 addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); 1803 1804- provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSA/X9.31", "SHA224WITHRSA/X9.31"); 1805- provider.addAlgorithm("Alg.Alias.Signature.SHA224WithRSA/X9.31", "SHA224WITHRSA/X9.31"); 1806- provider.addAlgorithm("Signature.SHA224WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption"); 1807- provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSA/X9.31", "SHA256WITHRSA/X9.31"); 1808- provider.addAlgorithm("Alg.Alias.Signature.SHA256WithRSA/X9.31", "SHA256WITHRSA/X9.31"); 1809- provider.addAlgorithm("Signature.SHA256WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption"); 1810- provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSA/X9.31", "SHA384WITHRSA/X9.31"); 1811- provider.addAlgorithm("Alg.Alias.Signature.SHA384WithRSA/X9.31", "SHA384WITHRSA/X9.31"); 1812- provider.addAlgorithm("Signature.SHA384WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption"); 1813- provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSA/X9.31", "SHA512WITHRSA/X9.31"); 1814- provider.addAlgorithm("Alg.Alias.Signature.SHA512WithRSA/X9.31", "SHA512WITHRSA/X9.31"); 1815- provider.addAlgorithm("Signature.SHA512WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption"); 1816- 1817- if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) 1818- { 1819- addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 1820- addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); 1821- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128withRSA/X9.31", "RIPEMD128WITHRSA/X9.31"); 1822- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128WithRSA/X9.31", "RIPEMD128WITHRSA/X9.31"); 1823- provider.addAlgorithm("Signature.RIPEMD128WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption"); 1824- } 1825- 1826- if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) 1827- { 1828- addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 1829- addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); 1830- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); 1831- provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); 1832- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160withRSA/X9.31", "RIPEMD160WITHRSA/X9.31"); 1833- provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/X9.31", "RIPEMD160WITHRSA/X9.31"); 1834- provider.addAlgorithm("Signature.RIPEMD160WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption"); 1835- } 1836- 1837- if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) 1838- { 1839- addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 1840- addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); 1841- } 1842- 1843- if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL")) 1844- { 1845- provider.addAlgorithm("Alg.Alias.Signature.WhirlpoolWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1846- provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLwithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1847- provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1848- provider.addAlgorithm("Signature.WHIRLPOOLWITHRSA/X9.31", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption"); 1849- } 1850+ // BEGIN android-removed 1851+ // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSA/X9.31", "SHA224WITHRSA/X9.31"); 1852+ // provider.addAlgorithm("Alg.Alias.Signature.SHA224WithRSA/X9.31", "SHA224WITHRSA/X9.31"); 1853+ // provider.addAlgorithm("Signature.SHA224WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption"); 1854+ // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSA/X9.31", "SHA256WITHRSA/X9.31"); 1855+ // provider.addAlgorithm("Alg.Alias.Signature.SHA256WithRSA/X9.31", "SHA256WITHRSA/X9.31"); 1856+ // provider.addAlgorithm("Signature.SHA256WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption"); 1857+ // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSA/X9.31", "SHA384WITHRSA/X9.31"); 1858+ // provider.addAlgorithm("Alg.Alias.Signature.SHA384WithRSA/X9.31", "SHA384WITHRSA/X9.31"); 1859+ // provider.addAlgorithm("Signature.SHA384WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption"); 1860+ // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSA/X9.31", "SHA512WITHRSA/X9.31"); 1861+ // provider.addAlgorithm("Alg.Alias.Signature.SHA512WithRSA/X9.31", "SHA512WITHRSA/X9.31"); 1862+ // provider.addAlgorithm("Signature.SHA512WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption"); 1863+ // 1864+ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) 1865+ // { 1866+ // addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 1867+ // addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); 1868+ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128withRSA/X9.31", "RIPEMD128WITHRSA/X9.31"); 1869+ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128WithRSA/X9.31", "RIPEMD128WITHRSA/X9.31"); 1870+ // provider.addAlgorithm("Signature.RIPEMD128WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption"); 1871+ // } 1872+ // 1873+ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) 1874+ // { 1875+ // addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 1876+ // addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); 1877+ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); 1878+ // provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); 1879+ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160withRSA/X9.31", "RIPEMD160WITHRSA/X9.31"); 1880+ // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/X9.31", "RIPEMD160WITHRSA/X9.31"); 1881+ // provider.addAlgorithm("Signature.RIPEMD160WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption"); 1882+ // } 1883+ // 1884+ // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) 1885+ // { 1886+ // addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 1887+ // addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); 1888+ // } 1889+ // 1890+ // if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL")) 1891+ // { 1892+ // provider.addAlgorithm("Alg.Alias.Signature.WhirlpoolWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1893+ // provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLwithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1894+ // provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31"); 1895+ // provider.addAlgorithm("Signature.WHIRLPOOLWITHRSA/X9.31", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption"); 1896+ // } 1897+ // END android-removed 1898 } 1899 1900 private void addDigestSignature( 1901diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/X509.java 1902--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2015-03-01 12:03:02.000000000 +0000 1903+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-17 23:04:47.000000000 +0000 1904@@ -18,8 +18,10 @@ 1905 1906 public void configure(ConfigurableProvider provider) 1907 { 1908- provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); 1909- provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); 1910+ // BEGIN android-removed 1911+ // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); 1912+ // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); 1913+ // END android-removed 1914 1915 // 1916 // certificate factories. 1917diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 1918--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2015-03-01 12:03:02.000000000 +0000 1919+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2015-07-21 14:37:00.000000000 +0000 1920@@ -23,13 +23,24 @@ 1921 import org.bouncycastle.crypto.DSA; 1922 import org.bouncycastle.crypto.Digest; 1923 import org.bouncycastle.crypto.digests.NullDigest; 1924-import org.bouncycastle.crypto.digests.SHA1Digest; 1925-import org.bouncycastle.crypto.digests.SHA224Digest; 1926-import org.bouncycastle.crypto.digests.SHA256Digest; 1927-import org.bouncycastle.crypto.digests.SHA384Digest; 1928-import org.bouncycastle.crypto.digests.SHA512Digest; 1929+// BEGIN android-added 1930+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 1931+// END android-added 1932+// BEGIN android-removed 1933+// import org.bouncycastle.crypto.digests.SHA1Digest; 1934+// import org.bouncycastle.crypto.digests.SHA224Digest; 1935+// import org.bouncycastle.crypto.digests.SHA256Digest; 1936+// import org.bouncycastle.crypto.digests.SHA384Digest; 1937+// import org.bouncycastle.crypto.digests.SHA512Digest; 1938+// END android-removed 1939+// BEGIN android-added 1940+import org.bouncycastle.crypto.params.DSAKeyParameters; 1941+import org.bouncycastle.crypto.params.DSAParameters; 1942+// END android-added 1943 import org.bouncycastle.crypto.params.ParametersWithRandom; 1944-import org.bouncycastle.crypto.signers.HMacDSAKCalculator; 1945+// BEGIN android-removed 1946+// import org.bouncycastle.crypto.signers.HMacDSAKCalculator; 1947+// END android-removed 1948 1949 public class DSASigner 1950 extends SignatureSpi 1951@@ -79,6 +90,10 @@ 1952 throw new InvalidKeyException("can't recognise key type in DSA based signer"); 1953 } 1954 } 1955+ // BEGIN android-added 1956+ DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters(); 1957+ checkKey(dsaParam); 1958+ // END android-added 1959 1960 digest.reset(); 1961 signer.init(false, param); 1962@@ -100,6 +115,10 @@ 1963 CipherParameters param; 1964 1965 param = DSAUtil.generatePrivateKeyParameter(privateKey); 1966+ // BEGIN android-added 1967+ DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters(); 1968+ checkKey(dsaParam); 1969+ // END android-added 1970 1971 if (random != null) 1972 { 1973@@ -173,6 +192,28 @@ 1974 throw new UnsupportedOperationException("engineSetParameter unsupported"); 1975 } 1976 1977+ // BEGIN android-added 1978+ protected void checkKey(DSAParameters params) throws InvalidKeyException { 1979+ int valueL = params.getP().bitLength(); 1980+ int valueN = params.getQ().bitLength(); 1981+ int digestSize = digest.getDigestSize(); 1982+ 1983+ // The checks are consistent with DSAParametersGenerator's init method. 1984+ if ((valueL < 1024 || valueL > 3072) || valueL % 1024 != 0) { 1985+ throw new InvalidKeyException("valueL values must be between 1024 and 3072 and a multiple of 1024"); 1986+ } else if (valueL == 1024 && valueN != 160) { 1987+ throw new InvalidKeyException("valueN must be 160 for valueL = 1024"); 1988+ } else if (valueL == 2048 && (valueN != 224 && valueN != 256)) { 1989+ throw new InvalidKeyException("valueN must be 224 or 256 for valueL = 2048"); 1990+ } else if (valueL == 3072 && valueN != 256) { 1991+ throw new InvalidKeyException("valueN must be 256 for valueL = 3072"); 1992+ } 1993+ if (valueN > digestSize * 8) { 1994+ throw new InvalidKeyException("Key is too strong for this signature algorithm"); 1995+ } 1996+ } 1997+ 1998+ // END android-added 1999 /** 2000 * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> 2001 */ 2002@@ -217,90 +258,102 @@ 2003 { 2004 public stdDSA() 2005 { 2006- super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2007+ // BEGIN android-changed 2008+ super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner()); 2009+ // END android-changed 2010 } 2011 } 2012 2013- static public class detDSA 2014- extends DSASigner 2015- { 2016- public detDSA() 2017- { 2018- super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest()))); 2019- } 2020- } 2021+ // BEGIN android-removed 2022+ // static public class detDSA 2023+ // extends DSASigner 2024+ // { 2025+ // public detDSA() 2026+ // { 2027+ // super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest()))); 2028+ // } 2029+ // } 2030+ // END android-removed 2031 2032 static public class dsa224 2033 extends DSASigner 2034 { 2035 public dsa224() 2036 { 2037- super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2038+ // BEGIN android-changed 2039+ super(AndroidDigestFactory.getSHA224(), new org.bouncycastle.crypto.signers.DSASigner()); 2040+ // END android-changed 2041 } 2042 } 2043 2044- static public class detDSA224 2045- extends DSASigner 2046- { 2047- public detDSA224() 2048- { 2049- super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest()))); 2050- } 2051- } 2052+ // BEGIN android-removed 2053+ // static public class detDSA224 2054+ // extends DSASigner 2055+ // { 2056+ // public detDSA224() 2057+ // { 2058+ // super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest()))); 2059+ // } 2060+ // } 2061+ // END android-removed 2062 2063 static public class dsa256 2064 extends DSASigner 2065 { 2066 public dsa256() 2067 { 2068- super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2069+ // BEGIN android-changed 2070+ super(AndroidDigestFactory.getSHA256(), new org.bouncycastle.crypto.signers.DSASigner()); 2071+ // END android-changed 2072 } 2073 } 2074 2075- static public class detDSA256 2076- extends DSASigner 2077- { 2078- public detDSA256() 2079- { 2080- super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest()))); 2081- } 2082- } 2083- 2084- static public class dsa384 2085- extends DSASigner 2086- { 2087- public dsa384() 2088- { 2089- super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2090- } 2091- } 2092- 2093- static public class detDSA384 2094- extends DSASigner 2095- { 2096- public detDSA384() 2097- { 2098- super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest()))); 2099- } 2100- } 2101- 2102- static public class dsa512 2103- extends DSASigner 2104- { 2105- public dsa512() 2106- { 2107- super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2108- } 2109- } 2110- 2111- static public class detDSA512 2112- extends DSASigner 2113- { 2114- public detDSA512() 2115- { 2116- super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest()))); 2117- } 2118- } 2119+ // BEGIN android-removed 2120+ // static public class detDSA256 2121+ // extends DSASigner 2122+ // { 2123+ // public detDSA256() 2124+ // { 2125+ // super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest()))); 2126+ // } 2127+ // } 2128+ // 2129+ // static public class dsa384 2130+ // extends DSASigner 2131+ // { 2132+ // public dsa384() 2133+ // { 2134+ // super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2135+ // } 2136+ // } 2137+ // 2138+ // static public class detDSA384 2139+ // extends DSASigner 2140+ // { 2141+ // public detDSA384() 2142+ // { 2143+ // super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest()))); 2144+ // } 2145+ // } 2146+ // 2147+ // static public class dsa512 2148+ // extends DSASigner 2149+ // { 2150+ // public dsa512() 2151+ // { 2152+ // super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); 2153+ // } 2154+ // } 2155+ // 2156+ // static public class detDSA512 2157+ // extends DSASigner 2158+ // { 2159+ // public detDSA512() 2160+ // { 2161+ // super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest()))); 2162+ // } 2163+ // } 2164+ // END android-removed 2165 2166 static public class noneDSA 2167 extends DSASigner 2168diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2169--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-03-01 12:03:02.000000000 +0000 2170+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java 2015-06-01 19:10:55.000000000 +0000 2171@@ -23,6 +23,9 @@ 2172 public static final ASN1ObjectIdentifier[] dsaOids = 2173 { 2174 X9ObjectIdentifiers.id_dsa, 2175+ // BEGIN android-added 2176+ X9ObjectIdentifiers.id_dsa_with_sha1, 2177+ // END android-added 2178 OIWObjectIdentifiers.dsaWithSHA1 2179 }; 2180 2181diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2182--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2015-03-01 12:03:02.000000000 +0000 2183+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2015-07-07 18:14:00.000000000 +0000 2184@@ -24,22 +24,28 @@ 2185 import org.bouncycastle.crypto.CipherParameters; 2186 import org.bouncycastle.crypto.DerivationFunction; 2187 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; 2188-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; 2189-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; 2190-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; 2191-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; 2192+// BEGIN android-removed 2193+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; 2194+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; 2195+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; 2196+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; 2197+// END android-removed 2198 import org.bouncycastle.crypto.digests.SHA1Digest; 2199 import org.bouncycastle.crypto.params.DESParameters; 2200 import org.bouncycastle.crypto.params.ECDomainParameters; 2201 import org.bouncycastle.crypto.params.ECPrivateKeyParameters; 2202 import org.bouncycastle.crypto.params.ECPublicKeyParameters; 2203-import org.bouncycastle.crypto.params.MQVPrivateParameters; 2204-import org.bouncycastle.crypto.params.MQVPublicParameters; 2205+// BEGIN android-removed 2206+// import org.bouncycastle.crypto.params.MQVPrivateParameters; 2207+// import org.bouncycastle.crypto.params.MQVPublicParameters; 2208+// END android-removed 2209 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; 2210 import org.bouncycastle.jce.interfaces.ECPrivateKey; 2211 import org.bouncycastle.jce.interfaces.ECPublicKey; 2212-import org.bouncycastle.jce.interfaces.MQVPrivateKey; 2213-import org.bouncycastle.jce.interfaces.MQVPublicKey; 2214+// BEGIN android-removed 2215+// import org.bouncycastle.jce.interfaces.MQVPrivateKey; 2216+// import org.bouncycastle.jce.interfaces.MQVPublicKey; 2217+// END android-removed 2218 import org.bouncycastle.util.Integers; 2219 import org.bouncycastle.util.Strings; 2220 2221@@ -89,7 +95,9 @@ 2222 private BigInteger result; 2223 private ECDomainParameters parameters; 2224 private BasicAgreement agreement; 2225- private DerivationFunction kdf; 2226+ // BEGIN android-removed 2227+ // private DerivationFunction kdf; 2228+ // END android-removed 2229 2230 private byte[] bigIntToBytes( 2231 BigInteger r) 2232@@ -104,7 +112,9 @@ 2233 { 2234 this.kaAlgorithm = kaAlgorithm; 2235 this.agreement = agreement; 2236- this.kdf = kdf; 2237+ // BEGIN android-removed 2238+ // this.kdf = kdf; 2239+ // END android-removed 2240 } 2241 2242 protected Key engineDoPhase( 2243@@ -123,25 +133,27 @@ 2244 } 2245 2246 CipherParameters pubKey; 2247- if (agreement instanceof ECMQVBasicAgreement) 2248- { 2249- if (!(key instanceof MQVPublicKey)) 2250- { 2251- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " 2252- + getSimpleName(MQVPublicKey.class) + " for doPhase"); 2253- } 2254- 2255- MQVPublicKey mqvPubKey = (MQVPublicKey)key; 2256- ECPublicKeyParameters staticKey = (ECPublicKeyParameters) 2257- ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); 2258- ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) 2259- ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); 2260- 2261- pubKey = new MQVPublicParameters(staticKey, ephemKey); 2262- 2263- // TODO Validate that all the keys are using the same parameters? 2264- } 2265- else 2266+ // BEGIN android-removed 2267+ // if (agreement instanceof ECMQVBasicAgreement) 2268+ // { 2269+ // if (!(key instanceof MQVPublicKey)) 2270+ // { 2271+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " 2272+ // + getSimpleName(MQVPublicKey.class) + " for doPhase"); 2273+ // } 2274+ // 2275+ // MQVPublicKey mqvPubKey = (MQVPublicKey)key; 2276+ // ECPublicKeyParameters staticKey = (ECPublicKeyParameters) 2277+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); 2278+ // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) 2279+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); 2280+ // 2281+ // pubKey = new MQVPublicParameters(staticKey, ephemKey); 2282+ // 2283+ // // TODO Validate that all the keys are using the same parameters? 2284+ // } 2285+ // else 2286+ // END android-removed 2287 { 2288 if (!(key instanceof PublicKey)) 2289 { 2290@@ -154,7 +166,15 @@ 2291 // TODO Validate that all the keys are using the same parameters? 2292 } 2293 2294+ // BEGIN android-added 2295+ try { 2296+ // END android-added 2297 result = agreement.calculateAgreement(pubKey); 2298+ // BEGIN android-added 2299+ } catch (IllegalStateException e) { 2300+ throw new InvalidKeyException("Invalid public key"); 2301+ } 2302+ // END android-added 2303 2304 return null; 2305 } 2306@@ -162,11 +182,13 @@ 2307 protected byte[] engineGenerateSecret() 2308 throws IllegalStateException 2309 { 2310- if (kdf != null) 2311- { 2312- throw new UnsupportedOperationException( 2313- "KDF can only be used when algorithm is known"); 2314- } 2315+ // BEGIN android-removed 2316+ // if (kdf != null) 2317+ // { 2318+ // throw new UnsupportedOperationException( 2319+ // "KDF can only be used when algorithm is known"); 2320+ // } 2321+ // END android-removed 2322 2323 return bigIntToBytes(result); 2324 } 2325@@ -201,23 +223,25 @@ 2326 oidAlgorithm = ((ASN1ObjectIdentifier)oids.get(algKey)).getId(); 2327 } 2328 2329- if (kdf != null) 2330- { 2331- if (!algorithms.containsKey(oidAlgorithm)) 2332- { 2333- throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); 2334- } 2335- 2336- int keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue(); 2337- 2338- DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret); 2339- 2340- byte[] keyBytes = new byte[keySize / 8]; 2341- kdf.init(params); 2342- kdf.generateBytes(keyBytes, 0, keyBytes.length); 2343- secret = keyBytes; 2344- } 2345- else 2346+ // BEGIN android-removed 2347+ // if (kdf != null) 2348+ // { 2349+ // if (!algorithms.containsKey(oidAlgorithm)) 2350+ // { 2351+ // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); 2352+ // } 2353+ // 2354+ // int keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue(); 2355+ // 2356+ // DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret); 2357+ // 2358+ // byte[] keyBytes = new byte[keySize / 8]; 2359+ // kdf.init(params); 2360+ // kdf.generateBytes(keyBytes, 0, keyBytes.length); 2361+ // secret = keyBytes; 2362+ // } 2363+ // else 2364+ // END android-removed 2365 { 2366 if (algorithms.containsKey(oidAlgorithm)) 2367 { 2368@@ -264,35 +288,37 @@ 2369 private void initFromKey(Key key) 2370 throws InvalidKeyException 2371 { 2372- if (agreement instanceof ECMQVBasicAgreement) 2373- { 2374- if (!(key instanceof MQVPrivateKey)) 2375- { 2376- throw new InvalidKeyException(kaAlgorithm + " key agreement requires " 2377- + getSimpleName(MQVPrivateKey.class) + " for initialisation"); 2378- } 2379- 2380- MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; 2381- ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) 2382- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); 2383- ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) 2384- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); 2385- 2386- ECPublicKeyParameters ephemPubKey = null; 2387- if (mqvPrivKey.getEphemeralPublicKey() != null) 2388- { 2389- ephemPubKey = (ECPublicKeyParameters) 2390- ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); 2391- } 2392- 2393- MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); 2394- this.parameters = staticPrivKey.getParameters(); 2395- 2396- // TODO Validate that all the keys are using the same parameters? 2397- 2398- agreement.init(localParams); 2399- } 2400- else 2401+ // BEGIN android-removed 2402+ // if (agreement instanceof ECMQVBasicAgreement) 2403+ // { 2404+ // if (!(key instanceof MQVPrivateKey)) 2405+ // { 2406+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " 2407+ // + getSimpleName(MQVPrivateKey.class) + " for initialisation"); 2408+ // } 2409+ // 2410+ // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; 2411+ // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) 2412+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); 2413+ // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) 2414+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); 2415+ // 2416+ // ECPublicKeyParameters ephemPubKey = null; 2417+ // if (mqvPrivKey.getEphemeralPublicKey() != null) 2418+ // { 2419+ // ephemPubKey = (ECPublicKeyParameters) 2420+ // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); 2421+ // } 2422+ // 2423+ // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); 2424+ // this.parameters = staticPrivKey.getParameters(); 2425+ // 2426+ // // TODO Validate that all the keys are using the same parameters? 2427+ // 2428+ // agreement.init(localParams); 2429+ // } 2430+ // else 2431+ // END android-removed 2432 { 2433 if (!(key instanceof PrivateKey)) 2434 { 2435@@ -323,39 +349,41 @@ 2436 } 2437 } 2438 2439- public static class DHC 2440- extends KeyAgreementSpi 2441- { 2442- public DHC() 2443- { 2444- super("ECDHC", new ECDHCBasicAgreement(), null); 2445- } 2446- } 2447- 2448- public static class MQV 2449- extends KeyAgreementSpi 2450- { 2451- public MQV() 2452- { 2453- super("ECMQV", new ECMQVBasicAgreement(), null); 2454- } 2455- } 2456- 2457- public static class DHwithSHA1KDF 2458- extends KeyAgreementSpi 2459- { 2460- public DHwithSHA1KDF() 2461- { 2462- super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); 2463- } 2464- } 2465- 2466- public static class MQVwithSHA1KDF 2467- extends KeyAgreementSpi 2468- { 2469- public MQVwithSHA1KDF() 2470- { 2471- super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); 2472- } 2473- } 2474+ // BEGIN android-removed 2475+ // public static class DHC 2476+ // extends KeyAgreementSpi 2477+ // { 2478+ // public DHC() 2479+ // { 2480+ // super("ECDHC", new ECDHCBasicAgreement(), null); 2481+ // } 2482+ // } 2483+ // 2484+ // public static class MQV 2485+ // extends KeyAgreementSpi 2486+ // { 2487+ // public MQV() 2488+ // { 2489+ // super("ECMQV", new ECMQVBasicAgreement(), null); 2490+ // } 2491+ // } 2492+ // 2493+ // public static class DHwithSHA1KDF 2494+ // extends KeyAgreementSpi 2495+ // { 2496+ // public DHwithSHA1KDF() 2497+ // { 2498+ // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); 2499+ // } 2500+ // } 2501+ // 2502+ // public static class MQVwithSHA1KDF 2503+ // extends KeyAgreementSpi 2504+ // { 2505+ // public MQVwithSHA1KDF() 2506+ // { 2507+ // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); 2508+ // } 2509+ // } 2510+ // END android-removed 2511 } 2512diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2513--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2015-03-01 12:03:02.000000000 +0000 2514+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-05-25 02:14:15.000000000 +0000 2515@@ -201,14 +201,16 @@ 2516 } 2517 } 2518 2519- public static class ECGOST3410 2520- extends KeyFactorySpi 2521- { 2522- public ECGOST3410() 2523- { 2524- super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); 2525- } 2526- } 2527+ // BEGIN android-removed 2528+ // public static class ECGOST3410 2529+ // extends KeyFactorySpi 2530+ // { 2531+ // public ECGOST3410() 2532+ // { 2533+ // super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); 2534+ // } 2535+ // } 2536+ // END android-removed 2537 2538 public static class ECDH 2539 extends KeyFactorySpi 2540diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2541--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-03-01 12:03:02.000000000 +0000 2542+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-05-12 17:22:22.000000000 +0000 2543@@ -42,7 +42,9 @@ 2544 ECKeyGenerationParameters param; 2545 ECKeyPairGenerator engine = new ECKeyPairGenerator(); 2546 Object ecParams = null; 2547- int strength = 239; 2548+ // BEGIN android-changed 2549+ int strength = 256; 2550+ // BEGIN android-changed 2551 int certainty = 50; 2552 SecureRandom random = new SecureRandom(); 2553 boolean initialised = false; 2554@@ -84,7 +86,13 @@ 2555 SecureRandom random) 2556 { 2557 this.strength = strength; 2558+ // BEGIN android-added 2559+ if (random != null) { 2560+ // END android-added 2561 this.random = random; 2562+ // BEGIN android-added 2563+ } 2564+ // END android-added 2565 2566 ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength)); 2567 if (ecParams == null) 2568@@ -107,6 +115,11 @@ 2569 SecureRandom random) 2570 throws InvalidAlgorithmParameterException 2571 { 2572+ // BEGIN android-added 2573+ if (random == null) { 2574+ random = this.random; 2575+ } 2576+ // END android-added 2577 if (params == null) 2578 { 2579 ECParameterSpec implicitCA = configuration.getEcImplicitlyCa(); 2580@@ -267,4 +280,4 @@ 2581 super("ECMQV", BouncyCastleProvider.CONFIGURATION); 2582 } 2583 } 2584-} 2585\ No newline at end of file 2586+} 2587diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2588--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2015-03-01 12:03:02.000000000 +0000 2589+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2014-07-28 19:51:54.000000000 +0000 2590@@ -16,16 +16,23 @@ 2591 import org.bouncycastle.crypto.DSA; 2592 import org.bouncycastle.crypto.Digest; 2593 import org.bouncycastle.crypto.digests.NullDigest; 2594-import org.bouncycastle.crypto.digests.RIPEMD160Digest; 2595-import org.bouncycastle.crypto.digests.SHA1Digest; 2596-import org.bouncycastle.crypto.digests.SHA224Digest; 2597-import org.bouncycastle.crypto.digests.SHA256Digest; 2598-import org.bouncycastle.crypto.digests.SHA384Digest; 2599-import org.bouncycastle.crypto.digests.SHA512Digest; 2600+// BEGIN android-added 2601+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 2602+// END android-added 2603+// BEGIN android-removed 2604+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; 2605+// import org.bouncycastle.crypto.digests.SHA1Digest; 2606+// import org.bouncycastle.crypto.digests.SHA224Digest; 2607+// import org.bouncycastle.crypto.digests.SHA256Digest; 2608+// import org.bouncycastle.crypto.digests.SHA384Digest; 2609+// import org.bouncycastle.crypto.digests.SHA512Digest; 2610+// END android-removed 2611 import org.bouncycastle.crypto.params.ParametersWithRandom; 2612 import org.bouncycastle.crypto.signers.ECDSASigner; 2613-import org.bouncycastle.crypto.signers.ECNRSigner; 2614-import org.bouncycastle.crypto.signers.HMacDSAKCalculator; 2615+// BEGIN android-removed 2616+// import org.bouncycastle.crypto.signers.ECNRSigner; 2617+// import org.bouncycastle.crypto.signers.HMacDSAKCalculator; 2618+// END android-removed 2619 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; 2620 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; 2621 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; 2622@@ -70,18 +77,22 @@ 2623 { 2624 public ecDSA() 2625 { 2626- super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder()); 2627+ // BEGIN android-changed 2628+ super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder()); 2629+ // END android-changed 2630 } 2631 } 2632 2633- static public class ecDetDSA 2634- extends SignatureSpi 2635- { 2636- public ecDetDSA() 2637- { 2638- super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder()); 2639- } 2640- } 2641+ // BEGIN android-removed 2642+ // static public class ecDetDSA 2643+ // extends SignatureSpi 2644+ // { 2645+ // public ecDetDSA() 2646+ // { 2647+ // super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder()); 2648+ // } 2649+ // } 2650+ // END android-removed 2651 2652 static public class ecDSAnone 2653 extends SignatureSpi 2654@@ -97,180 +108,196 @@ 2655 { 2656 public ecDSA224() 2657 { 2658- super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); 2659+ // BEGIN android-changed 2660+ super(AndroidDigestFactory.getSHA224(), new ECDSASigner(), new StdDSAEncoder()); 2661+ // END android-changed 2662 } 2663 } 2664 2665- static public class ecDetDSA224 2666- extends SignatureSpi 2667- { 2668- public ecDetDSA224() 2669- { 2670- super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder()); 2671- } 2672- } 2673+ // BEGIN android-removed 2674+ // static public class ecDetDSA224 2675+ // extends SignatureSpi 2676+ // { 2677+ // public ecDetDSA224() 2678+ // { 2679+ // super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder()); 2680+ // } 2681+ // } 2682+ // END android-removed 2683 2684 static public class ecDSA256 2685 extends SignatureSpi 2686 { 2687 public ecDSA256() 2688 { 2689- super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder()); 2690+ // BEGIN android-changed 2691+ super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder()); 2692+ // END android-changed 2693 } 2694 } 2695 2696- static public class ecDetDSA256 2697- extends SignatureSpi 2698- { 2699- public ecDetDSA256() 2700- { 2701- super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder()); 2702- } 2703- } 2704+ // BEGIN android-removed 2705+ // static public class ecDetDSA256 2706+ // extends SignatureSpi 2707+ // { 2708+ // public ecDetDSA256() 2709+ // { 2710+ // super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder()); 2711+ // } 2712+ // } 2713+ // END android-removed 2714 2715 static public class ecDSA384 2716 extends SignatureSpi 2717 { 2718 public ecDSA384() 2719 { 2720- super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder()); 2721+ // BEGIN android-changed 2722+ super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder()); 2723+ // END android-changed 2724 } 2725 } 2726 2727- static public class ecDetDSA384 2728- extends SignatureSpi 2729- { 2730- public ecDetDSA384() 2731- { 2732- super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder()); 2733- } 2734- } 2735+ // BEGIN android-removed 2736+ // static public class ecDetDSA384 2737+ // extends SignatureSpi 2738+ // { 2739+ // public ecDetDSA384() 2740+ // { 2741+ // super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder()); 2742+ // } 2743+ // } 2744+ // END android-removed 2745 2746 static public class ecDSA512 2747 extends SignatureSpi 2748 { 2749 public ecDSA512() 2750 { 2751- super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder()); 2752- } 2753- } 2754- 2755- static public class ecDetDSA512 2756- extends SignatureSpi 2757- { 2758- public ecDetDSA512() 2759- { 2760- super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder()); 2761- } 2762- } 2763- 2764- static public class ecDSARipeMD160 2765- extends SignatureSpi 2766- { 2767- public ecDSARipeMD160() 2768- { 2769- super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); 2770- } 2771- } 2772- 2773- static public class ecNR 2774- extends SignatureSpi 2775- { 2776- public ecNR() 2777- { 2778- super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); 2779- } 2780- } 2781- 2782- static public class ecNR224 2783- extends SignatureSpi 2784- { 2785- public ecNR224() 2786- { 2787- super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); 2788- } 2789- } 2790- 2791- static public class ecNR256 2792- extends SignatureSpi 2793- { 2794- public ecNR256() 2795- { 2796- super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); 2797- } 2798- } 2799- 2800- static public class ecNR384 2801- extends SignatureSpi 2802- { 2803- public ecNR384() 2804- { 2805- super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); 2806- } 2807- } 2808- 2809- static public class ecNR512 2810- extends SignatureSpi 2811- { 2812- public ecNR512() 2813- { 2814- super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); 2815- } 2816- } 2817- 2818- static public class ecCVCDSA 2819- extends SignatureSpi 2820- { 2821- public ecCVCDSA() 2822- { 2823- super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2824- } 2825- } 2826- 2827- static public class ecCVCDSA224 2828- extends SignatureSpi 2829- { 2830- public ecCVCDSA224() 2831- { 2832- super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2833- } 2834- } 2835- 2836- static public class ecCVCDSA256 2837- extends SignatureSpi 2838- { 2839- public ecCVCDSA256() 2840- { 2841- super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2842- } 2843- } 2844- 2845- static public class ecCVCDSA384 2846- extends SignatureSpi 2847- { 2848- public ecCVCDSA384() 2849- { 2850- super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2851- } 2852- } 2853- 2854- static public class ecCVCDSA512 2855- extends SignatureSpi 2856- { 2857- public ecCVCDSA512() 2858- { 2859- super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2860- } 2861- } 2862- 2863- static public class ecPlainDSARP160 2864- extends SignatureSpi 2865- { 2866- public ecPlainDSARP160() 2867- { 2868- super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2869- } 2870- } 2871+ // BEGIN android-changed 2872+ super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder()); 2873+ // END android-changed 2874+ } 2875+ } 2876+ 2877+ // BEGIN android-removed 2878+ // static public class ecDetDSA512 2879+ // extends SignatureSpi 2880+ // { 2881+ // public ecDetDSA512() 2882+ // { 2883+ // super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder()); 2884+ // } 2885+ // } 2886+ // 2887+ // static public class ecDSARipeMD160 2888+ // extends SignatureSpi 2889+ // { 2890+ // public ecDSARipeMD160() 2891+ // { 2892+ // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); 2893+ // } 2894+ // } 2895+ // 2896+ // static public class ecNR 2897+ // extends SignatureSpi 2898+ // { 2899+ // public ecNR() 2900+ // { 2901+ // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); 2902+ // } 2903+ // } 2904+ // 2905+ // static public class ecNR224 2906+ // extends SignatureSpi 2907+ // { 2908+ // public ecNR224() 2909+ // { 2910+ // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); 2911+ // } 2912+ // } 2913+ // 2914+ // static public class ecNR256 2915+ // extends SignatureSpi 2916+ // { 2917+ // public ecNR256() 2918+ // { 2919+ // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); 2920+ // } 2921+ // } 2922+ // 2923+ // static public class ecNR384 2924+ // extends SignatureSpi 2925+ // { 2926+ // public ecNR384() 2927+ // { 2928+ // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); 2929+ // } 2930+ // } 2931+ // 2932+ // static public class ecNR512 2933+ // extends SignatureSpi 2934+ // { 2935+ // public ecNR512() 2936+ // { 2937+ // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); 2938+ // } 2939+ // } 2940+ // 2941+ // static public class ecCVCDSA 2942+ // extends SignatureSpi 2943+ // { 2944+ // public ecCVCDSA() 2945+ // { 2946+ // super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2947+ // } 2948+ // } 2949+ // 2950+ // static public class ecCVCDSA224 2951+ // extends SignatureSpi 2952+ // { 2953+ // public ecCVCDSA224() 2954+ // { 2955+ // super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2956+ // } 2957+ // } 2958+ // 2959+ // static public class ecCVCDSA256 2960+ // extends SignatureSpi 2961+ // { 2962+ // public ecCVCDSA256() 2963+ // { 2964+ // super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2965+ // } 2966+ // } 2967+ // 2968+ // static public class ecCVCDSA384 2969+ // extends SignatureSpi 2970+ // { 2971+ // public ecCVCDSA384() 2972+ // { 2973+ // super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2974+ // } 2975+ // } 2976+ // 2977+ // static public class ecCVCDSA512 2978+ // extends SignatureSpi 2979+ // { 2980+ // public ecCVCDSA512() 2981+ // { 2982+ // super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2983+ // } 2984+ // } 2985+ // 2986+ // static public class ecPlainDSARP160 2987+ // extends SignatureSpi 2988+ // { 2989+ // public ecPlainDSARP160() 2990+ // { 2991+ // super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder()); 2992+ // } 2993+ // } 2994+ // END android-removed 2995 2996 private static class StdDSAEncoder 2997 implements DSAEncoder 2998@@ -302,66 +329,68 @@ 2999 } 3000 } 3001 3002- private static class PlainDSAEncoder 3003- implements DSAEncoder 3004- { 3005- public byte[] encode( 3006- BigInteger r, 3007- BigInteger s) 3008- throws IOException 3009- { 3010- byte[] first = makeUnsigned(r); 3011- byte[] second = makeUnsigned(s); 3012- byte[] res; 3013- 3014- if (first.length > second.length) 3015- { 3016- res = new byte[first.length * 2]; 3017- } 3018- else 3019- { 3020- res = new byte[second.length * 2]; 3021- } 3022- 3023- System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length); 3024- System.arraycopy(second, 0, res, res.length - second.length, second.length); 3025- 3026- return res; 3027- } 3028- 3029- 3030- private byte[] makeUnsigned(BigInteger val) 3031- { 3032- byte[] res = val.toByteArray(); 3033- 3034- if (res[0] == 0) 3035- { 3036- byte[] tmp = new byte[res.length - 1]; 3037- 3038- System.arraycopy(res, 1, tmp, 0, tmp.length); 3039- 3040- return tmp; 3041- } 3042- 3043- return res; 3044- } 3045- 3046- public BigInteger[] decode( 3047- byte[] encoding) 3048- throws IOException 3049- { 3050- BigInteger[] sig = new BigInteger[2]; 3051- 3052- byte[] first = new byte[encoding.length / 2]; 3053- byte[] second = new byte[encoding.length / 2]; 3054- 3055- System.arraycopy(encoding, 0, first, 0, first.length); 3056- System.arraycopy(encoding, first.length, second, 0, second.length); 3057- 3058- sig[0] = new BigInteger(1, first); 3059- sig[1] = new BigInteger(1, second); 3060- 3061- return sig; 3062- } 3063- } 3064-} 3065\ No newline at end of file 3066+ // BEGIN android-removed 3067+ // private static class PlainDSAEncoder 3068+ // implements DSAEncoder 3069+ // { 3070+ // public byte[] encode( 3071+ // BigInteger r, 3072+ // BigInteger s) 3073+ // throws IOException 3074+ // { 3075+ // byte[] first = makeUnsigned(r); 3076+ // byte[] second = makeUnsigned(s); 3077+ // byte[] res; 3078+ // 3079+ // if (first.length > second.length) 3080+ // { 3081+ // res = new byte[first.length * 2]; 3082+ // } 3083+ // else 3084+ // { 3085+ // res = new byte[second.length * 2]; 3086+ // } 3087+ // 3088+ // System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length); 3089+ // System.arraycopy(second, 0, res, res.length - second.length, second.length); 3090+ // 3091+ // return res; 3092+ // } 3093+ // 3094+ // 3095+ // private byte[] makeUnsigned(BigInteger val) 3096+ // { 3097+ // byte[] res = val.toByteArray(); 3098+ // 3099+ // if (res[0] == 0) 3100+ // { 3101+ // byte[] tmp = new byte[res.length - 1]; 3102+ // 3103+ // System.arraycopy(res, 1, tmp, 0, tmp.length); 3104+ // 3105+ // return tmp; 3106+ // } 3107+ // 3108+ // return res; 3109+ // } 3110+ // 3111+ // public BigInteger[] decode( 3112+ // byte[] encoding) 3113+ // throws IOException 3114+ // { 3115+ // BigInteger[] sig = new BigInteger[2]; 3116+ // 3117+ // byte[] first = new byte[encoding.length / 2]; 3118+ // byte[] second = new byte[encoding.length / 2]; 3119+ // 3120+ // System.arraycopy(encoding, 0, first, 0, first.length); 3121+ // System.arraycopy(encoding, first.length, second, 0, second.length); 3122+ // 3123+ // sig[0] = new BigInteger(1, first); 3124+ // sig[1] = new BigInteger(1, second); 3125+ // 3126+ // return sig; 3127+ // } 3128+ // } 3129+ // END android-removed 3130+} 3131diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 3132--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2015-03-01 12:03:02.000000000 +0000 3133+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2015-04-09 13:10:16.000000000 +0000 3134@@ -26,7 +26,9 @@ 3135 import org.bouncycastle.crypto.CipherParameters; 3136 import org.bouncycastle.crypto.Digest; 3137 import org.bouncycastle.crypto.InvalidCipherTextException; 3138-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; 3139+// BEGIN android-removed 3140+// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; 3141+// END android-removed 3142 import org.bouncycastle.crypto.encodings.OAEPEncoding; 3143 import org.bouncycastle.crypto.encodings.PKCS1Encoding; 3144 import org.bouncycastle.crypto.engines.RSABlindedEngine; 3145@@ -201,10 +203,12 @@ 3146 { 3147 cipher = new PKCS1Encoding(new RSABlindedEngine()); 3148 } 3149- else if (pad.equals("ISO9796-1PADDING")) 3150- { 3151- cipher = new ISO9796d1Encoding(new RSABlindedEngine()); 3152- } 3153+ // BEGIN android-removed 3154+ // else if (pad.equals("ISO9796-1PADDING")) 3155+ // { 3156+ // cipher = new ISO9796d1Encoding(new RSABlindedEngine()); 3157+ // } 3158+ // END android-removed 3159 else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) 3160 { 3161 initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); 3162@@ -543,48 +547,50 @@ 3163 } 3164 } 3165 3166- static public class PKCS1v1_5Padding 3167- extends CipherSpi 3168- { 3169- public PKCS1v1_5Padding() 3170- { 3171- super(new PKCS1Encoding(new RSABlindedEngine())); 3172- } 3173- } 3174- 3175- static public class PKCS1v1_5Padding_PrivateOnly 3176- extends CipherSpi 3177- { 3178- public PKCS1v1_5Padding_PrivateOnly() 3179- { 3180- super(false, true, new PKCS1Encoding(new RSABlindedEngine())); 3181- } 3182- } 3183- 3184- static public class PKCS1v1_5Padding_PublicOnly 3185- extends CipherSpi 3186- { 3187- public PKCS1v1_5Padding_PublicOnly() 3188- { 3189- super(true, false, new PKCS1Encoding(new RSABlindedEngine())); 3190- } 3191- } 3192- 3193- static public class OAEPPadding 3194- extends CipherSpi 3195- { 3196- public OAEPPadding() 3197- { 3198- super(OAEPParameterSpec.DEFAULT); 3199- } 3200- } 3201- 3202- static public class ISO9796d1Padding 3203- extends CipherSpi 3204- { 3205- public ISO9796d1Padding() 3206- { 3207- super(new ISO9796d1Encoding(new RSABlindedEngine())); 3208- } 3209- } 3210+ // BEGIN android-removed 3211+ // static public class PKCS1v1_5Padding 3212+ // extends CipherSpi 3213+ // { 3214+ // public PKCS1v1_5Padding() 3215+ // { 3216+ // super(new PKCS1Encoding(new RSABlindedEngine())); 3217+ // } 3218+ // } 3219+ // 3220+ // static public class PKCS1v1_5Padding_PrivateOnly 3221+ // extends CipherSpi 3222+ // { 3223+ // public PKCS1v1_5Padding_PrivateOnly() 3224+ // { 3225+ // super(false, true, new PKCS1Encoding(new RSABlindedEngine())); 3226+ // } 3227+ // } 3228+ // 3229+ // static public class PKCS1v1_5Padding_PublicOnly 3230+ // extends CipherSpi 3231+ // { 3232+ // public PKCS1v1_5Padding_PublicOnly() 3233+ // { 3234+ // super(true, false, new PKCS1Encoding(new RSABlindedEngine())); 3235+ // } 3236+ // } 3237+ // 3238+ // static public class OAEPPadding 3239+ // extends CipherSpi 3240+ // { 3241+ // public OAEPPadding() 3242+ // { 3243+ // super(OAEPParameterSpec.DEFAULT); 3244+ // } 3245+ // } 3246+ // 3247+ // static public class ISO9796d1Padding 3248+ // extends CipherSpi 3249+ // { 3250+ // public ISO9796d1Padding() 3251+ // { 3252+ // super(new ISO9796d1Encoding(new RSABlindedEngine())); 3253+ // } 3254+ // } 3255+ // END android-removed 3256 } 3257diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 3258--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2015-03-01 12:03:02.000000000 +0000 3259+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2015-04-09 13:10:16.000000000 +0000 3260@@ -17,24 +17,31 @@ 3261 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 3262 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 3263 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 3264-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 3265+// BEGIN android-removed 3266+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 3267+// END android-removed 3268 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 3269 import org.bouncycastle.asn1.x509.DigestInfo; 3270 import org.bouncycastle.crypto.AsymmetricBlockCipher; 3271 import org.bouncycastle.crypto.CipherParameters; 3272 import org.bouncycastle.crypto.Digest; 3273-import org.bouncycastle.crypto.digests.MD2Digest; 3274-import org.bouncycastle.crypto.digests.MD4Digest; 3275-import org.bouncycastle.crypto.digests.MD5Digest; 3276-import org.bouncycastle.crypto.digests.NullDigest; 3277-import org.bouncycastle.crypto.digests.RIPEMD128Digest; 3278-import org.bouncycastle.crypto.digests.RIPEMD160Digest; 3279-import org.bouncycastle.crypto.digests.RIPEMD256Digest; 3280-import org.bouncycastle.crypto.digests.SHA1Digest; 3281-import org.bouncycastle.crypto.digests.SHA224Digest; 3282-import org.bouncycastle.crypto.digests.SHA256Digest; 3283-import org.bouncycastle.crypto.digests.SHA384Digest; 3284-import org.bouncycastle.crypto.digests.SHA512Digest; 3285+// BEGIN android-removed 3286+// import org.bouncycastle.crypto.digests.MD2Digest; 3287+// import org.bouncycastle.crypto.digests.MD4Digest; 3288+// import org.bouncycastle.crypto.digests.MD5Digest; 3289+// import org.bouncycastle.crypto.digests.NullDigest; 3290+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; 3291+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; 3292+// import org.bouncycastle.crypto.digests.RIPEMD256Digest; 3293+// import org.bouncycastle.crypto.digests.SHA1Digest; 3294+// import org.bouncycastle.crypto.digests.SHA224Digest; 3295+// import org.bouncycastle.crypto.digests.SHA256Digest; 3296+// import org.bouncycastle.crypto.digests.SHA384Digest; 3297+// import org.bouncycastle.crypto.digests.SHA512Digest; 3298+// END android-removed 3299+// BEGIN android-added 3300+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 3301+// END android-added 3302 import org.bouncycastle.crypto.encodings.PKCS1Encoding; 3303 import org.bouncycastle.crypto.engines.RSABlindedEngine; 3304 import org.bouncycastle.util.Arrays; 3305@@ -254,7 +261,9 @@ 3306 { 3307 public SHA1() 3308 { 3309- super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3310+ // BEGIN android-changed 3311+ super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine())); 3312+ // END android-changed 3313 } 3314 } 3315 3316@@ -263,7 +272,9 @@ 3317 { 3318 public SHA224() 3319 { 3320- super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3321+ // BEGIN android-changed 3322+ super(NISTObjectIdentifiers.id_sha224, AndroidDigestFactory.getSHA224(), new PKCS1Encoding(new RSABlindedEngine())); 3323+ // END android-changed 3324 } 3325 } 3326 3327@@ -272,7 +283,9 @@ 3328 { 3329 public SHA256() 3330 { 3331- super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3332+ // BEGIN android-changed 3333+ super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine())); 3334+ // END android-changed 3335 } 3336 } 3337 3338@@ -281,7 +294,9 @@ 3339 { 3340 public SHA384() 3341 { 3342- super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3343+ // BEGIN android-changed 3344+ super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine())); 3345+ // END android-changed 3346 } 3347 } 3348 3349@@ -290,70 +305,78 @@ 3350 { 3351 public SHA512() 3352 { 3353- super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3354+ // BEGIN android-changed 3355+ super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine())); 3356+ // END android-changed 3357 } 3358 } 3359 3360- static public class MD2 3361- extends DigestSignatureSpi 3362- { 3363- public MD2() 3364- { 3365- super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3366- } 3367- } 3368- 3369- static public class MD4 3370- extends DigestSignatureSpi 3371- { 3372- public MD4() 3373- { 3374- super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3375- } 3376- } 3377+ // BEGIN android-removed 3378+ // static public class MD2 3379+ // extends DigestSignatureSpi 3380+ // { 3381+ // public MD2() 3382+ // { 3383+ // super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3384+ // } 3385+ // } 3386+ // 3387+ // static public class MD4 3388+ // extends DigestSignatureSpi 3389+ // { 3390+ // public MD4() 3391+ // { 3392+ // super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3393+ // } 3394+ // } 3395+ // END android-removed 3396 3397 static public class MD5 3398 extends DigestSignatureSpi 3399 { 3400 public MD5() 3401 { 3402- super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3403- } 3404- } 3405- 3406- static public class RIPEMD160 3407- extends DigestSignatureSpi 3408- { 3409- public RIPEMD160() 3410- { 3411- super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3412+ // BEGIN android-changed 3413+ super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine())); 3414+ // END android-changed 3415 } 3416 } 3417 3418- static public class RIPEMD128 3419- extends DigestSignatureSpi 3420- { 3421- public RIPEMD128() 3422- { 3423- super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3424- } 3425- } 3426- 3427- static public class RIPEMD256 3428- extends DigestSignatureSpi 3429- { 3430- public RIPEMD256() 3431- { 3432- super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3433- } 3434- } 3435- 3436- static public class noneRSA 3437- extends DigestSignatureSpi 3438- { 3439- public noneRSA() 3440- { 3441- super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); 3442- } 3443- } 3444+ // BEGIN android-removed 3445+ // static public class RIPEMD160 3446+ // extends DigestSignatureSpi 3447+ // { 3448+ // public RIPEMD160() 3449+ // { 3450+ // super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3451+ // } 3452+ // } 3453+ // 3454+ // static public class RIPEMD128 3455+ // extends DigestSignatureSpi 3456+ // { 3457+ // public RIPEMD128() 3458+ // { 3459+ // super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3460+ // } 3461+ // } 3462+ // 3463+ // static public class RIPEMD256 3464+ // extends DigestSignatureSpi 3465+ // { 3466+ // public RIPEMD256() 3467+ // { 3468+ // super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); 3469+ // } 3470+ // } 3471+ // 3472+ // static public class noneRSA 3473+ // extends DigestSignatureSpi 3474+ // { 3475+ // public noneRSA() 3476+ // { 3477+ // super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); 3478+ // } 3479+ // } 3480+ // END android-removed 3481 } 3482diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 3483--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2015-03-01 12:03:02.000000000 +0000 3484+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2015-04-09 13:10:16.000000000 +0000 3485@@ -18,8 +18,10 @@ 3486 import javax.crypto.NoSuchPaddingException; 3487 import javax.crypto.spec.IvParameterSpec; 3488 import javax.crypto.spec.PBEParameterSpec; 3489-import javax.crypto.spec.RC2ParameterSpec; 3490-import javax.crypto.spec.RC5ParameterSpec; 3491+// BEGIN android-removed 3492+// import javax.crypto.spec.RC2ParameterSpec; 3493+// import javax.crypto.spec.RC5ParameterSpec; 3494+// END android-removed 3495 import javax.crypto.spec.SecretKeySpec; 3496 3497 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 3498@@ -39,8 +41,10 @@ 3499 { 3500 IvParameterSpec.class, 3501 PBEParameterSpec.class, 3502- RC2ParameterSpec.class, 3503- RC5ParameterSpec.class 3504+ // BEGIN android-removed 3505+ // RC2ParameterSpec.class, 3506+ // RC5ParameterSpec.class 3507+ // END android-removed 3508 }; 3509 3510 private final JcaJceHelper helper = new BCJcaJceHelper(); 3511diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 3512--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2015-03-01 12:03:02.000000000 +0000 3513+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2015-04-09 13:10:16.000000000 +0000 3514@@ -6,11 +6,15 @@ 3515 import java.security.PublicKey; 3516 3517 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 3518-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 3519+// BEGIN android-removed 3520+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 3521+// END android-removed 3522 import org.bouncycastle.asn1.nist.NISTNamedCurves; 3523 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 3524 import org.bouncycastle.asn1.sec.SECNamedCurves; 3525-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; 3526+// BEGIN android-removed 3527+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; 3528+// END android-removed 3529 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 3530 import org.bouncycastle.asn1.x9.X962NamedCurves; 3531 import org.bouncycastle.asn1.x9.X962Parameters; 3532@@ -247,14 +251,16 @@ 3533 { 3534 oid = NISTNamedCurves.getOID(name); 3535 } 3536- if (oid == null) 3537- { 3538- oid = TeleTrusTNamedCurves.getOID(name); 3539- } 3540- if (oid == null) 3541- { 3542- oid = ECGOST3410NamedCurves.getOID(name); 3543- } 3544+ // BEGIN android-removed 3545+ // if (oid == null) 3546+ // { 3547+ // oid = TeleTrusTNamedCurves.getOID(name); 3548+ // } 3549+ // if (oid == null) 3550+ // { 3551+ // oid = ECGOST3410NamedCurves.getOID(name); 3552+ // } 3553+ // END android-removed 3554 } 3555 3556 return oid; 3557@@ -276,10 +282,12 @@ 3558 { 3559 params = NISTNamedCurves.getByOID(oid); 3560 } 3561- if (params == null) 3562- { 3563- params = TeleTrusTNamedCurves.getByOID(oid); 3564- } 3565+ // BEGIN android-removed 3566+ // if (params == null) 3567+ // { 3568+ // params = TeleTrusTNamedCurves.getByOID(oid); 3569+ // } 3570+ // END android-removed 3571 } 3572 3573 return params; 3574@@ -297,14 +305,16 @@ 3575 { 3576 name = NISTNamedCurves.getName(oid); 3577 } 3578- if (name == null) 3579- { 3580- name = TeleTrusTNamedCurves.getName(oid); 3581- } 3582- if (name == null) 3583- { 3584- name = ECGOST3410NamedCurves.getName(oid); 3585- } 3586+ // BEGIN android-removed 3587+ // if (name == null) 3588+ // { 3589+ // name = TeleTrusTNamedCurves.getName(oid); 3590+ // } 3591+ // if (name == null) 3592+ // { 3593+ // name = ECGOST3410NamedCurves.getName(oid); 3594+ // } 3595+ // END android-removed 3596 } 3597 3598 return name; 3599diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 3600--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2015-03-01 12:03:02.000000000 +0000 3601+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2015-04-09 13:10:16.000000000 +0000 3602@@ -37,7 +37,9 @@ 3603 import org.bouncycastle.jcajce.util.BCJcaJceHelper; 3604 import org.bouncycastle.jcajce.util.JcaJceHelper; 3605 import org.bouncycastle.util.io.pem.PemObject; 3606-import org.bouncycastle.util.io.pem.PemWriter; 3607+// BEGIN android-removed 3608+// import org.bouncycastle.util.io.pem.PemWriter; 3609+// END android-removed 3610 3611 /** 3612 * CertPath implementation for X.509 certificates. 3613@@ -54,7 +56,9 @@ 3614 { 3615 List encodings = new ArrayList(); 3616 encodings.add("PkiPath"); 3617- encodings.add("PEM"); 3618+ // BEGIN android-removed 3619+ // encodings.add("PEM"); 3620+ // END android-removed 3621 encodings.add("PKCS7"); 3622 certPathEncodings = Collections.unmodifiableList(encodings); 3623 } 3624@@ -301,27 +305,29 @@ 3625 return toDEREncoded(new ContentInfo( 3626 PKCSObjectIdentifiers.signedData, sd)); 3627 } 3628- else if (encoding.equalsIgnoreCase("PEM")) 3629- { 3630- ByteArrayOutputStream bOut = new ByteArrayOutputStream(); 3631- PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); 3632- 3633- try 3634- { 3635- for (int i = 0; i != certificates.size(); i++) 3636- { 3637- pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); 3638- } 3639- 3640- pWrt.close(); 3641- } 3642- catch (Exception e) 3643- { 3644- throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); 3645- } 3646- 3647- return bOut.toByteArray(); 3648- } 3649+ // BEGIN android-removed 3650+ // else if (encoding.equalsIgnoreCase("PEM")) 3651+ // { 3652+ // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); 3653+ // PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); 3654+ // 3655+ // try 3656+ // { 3657+ // for (int i = 0; i != certificates.size(); i++) 3658+ // { 3659+ // pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); 3660+ // } 3661+ // 3662+ // pWrt.close(); 3663+ // } 3664+ // catch (Exception e) 3665+ // { 3666+ // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); 3667+ // } 3668+ // 3669+ // return bOut.toByteArray(); 3670+ // } 3671+ // END android-removed 3672 else 3673 { 3674 throw new CertificateEncodingException("unsupported encoding: " + encoding); 3675diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 3676--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2015-03-01 12:03:02.000000000 +0000 3677+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2015-04-09 13:10:16.000000000 +0000 3678@@ -55,6 +55,9 @@ 3679 import org.bouncycastle.asn1.x509.Extensions; 3680 import org.bouncycastle.asn1.x509.GeneralName; 3681 import org.bouncycastle.asn1.x509.KeyUsage; 3682+// BEGIN android-added 3683+import org.bouncycastle.asn1.x509.X509Name; 3684+// END android-added 3685 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; 3686 import org.bouncycastle.jce.X509Principal; 3687 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; 3688@@ -534,12 +537,20 @@ 3689 } 3690 } 3691 3692+ // BEGIN android-changed 3693+ private byte[] encoded; 3694+ // END android-changed 3695 public byte[] getEncoded() 3696 throws CertificateEncodingException 3697 { 3698 try 3699 { 3700- return c.getEncoded(ASN1Encoding.DER); 3701+ // BEGIN android-changed 3702+ if (encoded == null) { 3703+ encoded = c.getEncoded(ASN1Encoding.DER); 3704+ } 3705+ return encoded; 3706+ // END android-changed 3707 } 3708 catch (IOException e) 3709 { 3710@@ -839,7 +850,9 @@ 3711 list.add(genName.getEncoded()); 3712 break; 3713 case GeneralName.directoryName: 3714- list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); 3715+ // BEGIN android-changed 3716+ list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); 3717+ // END android-changed 3718 break; 3719 case GeneralName.dNSName: 3720 case GeneralName.rfc822Name: 3721diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 3722--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2015-03-01 12:03:02.000000000 +0000 3723+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2015-04-09 13:10:16.000000000 +0000 3724@@ -16,12 +16,16 @@ 3725 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 3726 import org.bouncycastle.asn1.ASN1Sequence; 3727 import org.bouncycastle.asn1.DERNull; 3728-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 3729+// BEGIN android-removed 3730+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 3731+// END android-removed 3732 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 3733 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 3734 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 3735 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 3736-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 3737+// BEGIN android-removed 3738+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 3739+// END android-removed 3740 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 3741 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 3742 import org.bouncycastle.jce.provider.BouncyCastleProvider; 3743@@ -143,22 +147,24 @@ 3744 { 3745 return "SHA512"; 3746 } 3747- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 3748- { 3749- return "RIPEMD128"; 3750- } 3751- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 3752- { 3753- return "RIPEMD160"; 3754- } 3755- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 3756- { 3757- return "RIPEMD256"; 3758- } 3759- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 3760- { 3761- return "GOST3411"; 3762- } 3763+ // BEGIN android-removed 3764+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 3765+ // { 3766+ // return "RIPEMD128"; 3767+ // } 3768+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 3769+ // { 3770+ // return "RIPEMD160"; 3771+ // } 3772+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 3773+ // { 3774+ // return "RIPEMD256"; 3775+ // } 3776+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 3777+ // { 3778+ // return "GOST3411"; 3779+ // } 3780+ // END android-removed 3781 else 3782 { 3783 return digestAlgOID.getId(); 3784diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA256.java 3785--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java 2015-03-01 12:03:02.000000000 +0000 3786+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA256.java 2013-05-25 02:14:15.000000000 +0000 3787@@ -45,17 +45,19 @@ 3788 } 3789 } 3790 3791- /** 3792- * PBEWithHmacSHA 3793- */ 3794- public static class PBEWithMacKeyFactory 3795- extends PBESecretKeyFactory 3796- { 3797- public PBEWithMacKeyFactory() 3798- { 3799- super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); 3800- } 3801- } 3802+ // BEGIN android-removed 3803+ // /** 3804+ // * PBEWithHmacSHA 3805+ // */ 3806+ // public static class PBEWithMacKeyFactory 3807+ // extends PBESecretKeyFactory 3808+ // { 3809+ // public PBEWithMacKeyFactory() 3810+ // { 3811+ // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); 3812+ // } 3813+ // } 3814+ // END android-removed 3815 3816 /** 3817 * HMACSHA256 3818@@ -84,9 +86,11 @@ 3819 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); 3820 provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); 3821 3822- provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); 3823- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); 3824- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); 3825+ // BEGIN android-removed 3826+ // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); 3827+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); 3828+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); 3829+ // END android-removed 3830 3831 addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); 3832 addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); 3833diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA384.java 3834--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java 2015-03-01 12:03:02.000000000 +0000 3835+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA384.java 2013-05-25 02:14:15.000000000 +0000 3836@@ -5,7 +5,9 @@ 3837 import org.bouncycastle.crypto.CipherKeyGenerator; 3838 import org.bouncycastle.crypto.digests.SHA384Digest; 3839 import org.bouncycastle.crypto.macs.HMac; 3840-import org.bouncycastle.crypto.macs.OldHMac; 3841+// BEGIN android-removed 3842+// import org.bouncycastle.crypto.macs.OldHMac; 3843+// END android-removed 3844 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 3845 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 3846 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 3847@@ -57,14 +59,16 @@ 3848 } 3849 } 3850 3851- public static class OldSHA384 3852- extends BaseMac 3853- { 3854- public OldSHA384() 3855- { 3856- super(new OldHMac(new SHA384Digest())); 3857- } 3858- } 3859+ // BEGIN android-removed 3860+ // public static class OldSHA384 3861+ // extends BaseMac 3862+ // { 3863+ // public OldSHA384() 3864+ // { 3865+ // super(new OldHMac(new SHA384Digest())); 3866+ // } 3867+ // } 3868+ // END android-removed 3869 3870 public static class Mappings 3871 extends DigestAlgorithmProvider 3872@@ -80,7 +84,9 @@ 3873 provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); 3874 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); 3875 provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); 3876- provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); 3877+ // BEGIN android-removed 3878+ // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); 3879+ // END android-removed 3880 3881 addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); 3882 addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); 3883diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA512.java 3884--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java 2015-03-01 12:03:02.000000000 +0000 3885+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA512.java 2013-05-25 02:14:15.000000000 +0000 3886@@ -4,9 +4,13 @@ 3887 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 3888 import org.bouncycastle.crypto.CipherKeyGenerator; 3889 import org.bouncycastle.crypto.digests.SHA512Digest; 3890-import org.bouncycastle.crypto.digests.SHA512tDigest; 3891+// BEGIN android-removed 3892+// import org.bouncycastle.crypto.digests.SHA512tDigest; 3893+// END android-removed 3894 import org.bouncycastle.crypto.macs.HMac; 3895-import org.bouncycastle.crypto.macs.OldHMac; 3896+// BEGIN android-removed 3897+// import org.bouncycastle.crypto.macs.OldHMac; 3898+// END android-removed 3899 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 3900 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 3901 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 3902@@ -37,42 +41,44 @@ 3903 } 3904 } 3905 3906- static public class DigestT 3907- extends BCMessageDigest 3908- implements Cloneable 3909- { 3910- public DigestT(int bitLength) 3911- { 3912- super(new SHA512tDigest(bitLength)); 3913- } 3914- 3915- public Object clone() 3916- throws CloneNotSupportedException 3917- { 3918- DigestT d = (DigestT)super.clone(); 3919- d.digest = new SHA512tDigest((SHA512tDigest)digest); 3920- 3921- return d; 3922- } 3923- } 3924- 3925- static public class DigestT224 3926- extends DigestT 3927- { 3928- public DigestT224() 3929- { 3930- super(224); 3931- } 3932- } 3933- 3934- static public class DigestT256 3935- extends DigestT 3936- { 3937- public DigestT256() 3938- { 3939- super(256); 3940- } 3941- } 3942+ // BEGIN android-removed 3943+ // static public class DigestT 3944+ // extends BCMessageDigest 3945+ // implements Cloneable 3946+ // { 3947+ // public DigestT(int bitLength) 3948+ // { 3949+ // super(new SHA512tDigest(bitLength)); 3950+ // } 3951+ // 3952+ // public Object clone() 3953+ // throws CloneNotSupportedException 3954+ // { 3955+ // DigestT d = (DigestT)super.clone(); 3956+ // d.digest = new SHA512tDigest((SHA512tDigest)digest); 3957+ // 3958+ // return d; 3959+ // } 3960+ // } 3961+ // 3962+ // static public class DigestT224 3963+ // extends DigestT 3964+ // { 3965+ // public DigestT224() 3966+ // { 3967+ // super(224); 3968+ // } 3969+ // } 3970+ // 3971+ // static public class DigestT256 3972+ // extends DigestT 3973+ // { 3974+ // public DigestT256() 3975+ // { 3976+ // super(256); 3977+ // } 3978+ // } 3979+ // END android-removed 3980 3981 public static class HashMac 3982 extends BaseMac 3983@@ -83,35 +89,37 @@ 3984 } 3985 } 3986 3987- public static class HashMacT224 3988- extends BaseMac 3989- { 3990- public HashMacT224() 3991- { 3992- super(new HMac(new SHA512tDigest(224))); 3993- } 3994- } 3995- 3996- public static class HashMacT256 3997- extends BaseMac 3998- { 3999- public HashMacT256() 4000- { 4001- super(new HMac(new SHA512tDigest(256))); 4002- } 4003- } 4004- 4005- /** 4006- * SHA-512 HMac 4007- */ 4008- public static class OldSHA512 4009- extends BaseMac 4010- { 4011- public OldSHA512() 4012- { 4013- super(new OldHMac(new SHA512Digest())); 4014- } 4015- } 4016+ // BEGIN android-removed 4017+ // public static class HashMacT224 4018+ // extends BaseMac 4019+ // { 4020+ // public HashMacT224() 4021+ // { 4022+ // super(new HMac(new SHA512tDigest(224))); 4023+ // } 4024+ // } 4025+ // 4026+ // public static class HashMacT256 4027+ // extends BaseMac 4028+ // { 4029+ // public HashMacT256() 4030+ // { 4031+ // super(new HMac(new SHA512tDigest(256))); 4032+ // } 4033+ // } 4034+ // 4035+ // /** 4036+ // * SHA-512 HMac 4037+ // */ 4038+ // public static class OldSHA512 4039+ // extends BaseMac 4040+ // { 4041+ // public OldSHA512() 4042+ // { 4043+ // super(new OldHMac(new SHA512Digest())); 4044+ // } 4045+ // } 4046+ // END android-removed 4047 4048 /** 4049 * HMACSHA512 4050@@ -125,23 +133,25 @@ 4051 } 4052 } 4053 4054- public static class KeyGeneratorT224 4055- extends BaseKeyGenerator 4056- { 4057- public KeyGeneratorT224() 4058- { 4059- super("HMACSHA512/224", 224, new CipherKeyGenerator()); 4060- } 4061- } 4062- 4063- public static class KeyGeneratorT256 4064- extends BaseKeyGenerator 4065- { 4066- public KeyGeneratorT256() 4067- { 4068- super("HMACSHA512/256", 256, new CipherKeyGenerator()); 4069- } 4070- } 4071+ // BEGIN android-removed 4072+ // public static class KeyGeneratorT224 4073+ // extends BaseKeyGenerator 4074+ // { 4075+ // public KeyGeneratorT224() 4076+ // { 4077+ // super("HMACSHA512/224", 224, new CipherKeyGenerator()); 4078+ // } 4079+ // } 4080+ // 4081+ // public static class KeyGeneratorT256 4082+ // extends BaseKeyGenerator 4083+ // { 4084+ // public KeyGeneratorT256() 4085+ // { 4086+ // super("HMACSHA512/256", 256, new CipherKeyGenerator()); 4087+ // } 4088+ // } 4089+ // END android-removed 4090 4091 public static class Mappings 4092 extends DigestAlgorithmProvider 4093@@ -158,21 +168,25 @@ 4094 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); 4095 provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); 4096 4097- provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); 4098- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); 4099- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); 4100- 4101- provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); 4102- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); 4103- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); 4104- 4105- provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); 4106+ // BEGIN android-removed 4107+ // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); 4108+ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); 4109+ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); 4110+ // 4111+ // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); 4112+ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); 4113+ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); 4114+ // 4115+ // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); 4116+ // END android-removed 4117 4118 addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); 4119 addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); 4120 4121- addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); 4122- addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); 4123+ // BEGIN android-removed 4124+ // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); 4125+ // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); 4126+ // END android-removed 4127 } 4128 } 4129 4130diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/BC.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/BC.java 4131--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/BC.java 2015-03-01 12:03:02.000000000 +0000 4132+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/BC.java 2013-05-25 02:14:15.000000000 +0000 4133@@ -17,7 +17,9 @@ 4134 public void configure(ConfigurableProvider provider) 4135 { 4136 provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); 4137- provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); 4138+ // BEGIN android-removed 4139+ // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); 4140+ // END android-removed 4141 provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); 4142 provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); 4143 provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); 4144diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 4145--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2015-03-01 12:03:02.000000000 +0000 4146+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2013-05-25 02:14:15.000000000 +0000 4147@@ -17,14 +17,16 @@ 4148 public void configure(ConfigurableProvider provider) 4149 { 4150 provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); 4151- provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); 4152- provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); 4153- 4154- provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); 4155- provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); 4156- 4157- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); 4158- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); 4159+ // BEGIN android-removed 4160+ // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); 4161+ // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); 4162+ // 4163+ // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); 4164+ // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); 4165+ // 4166+ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); 4167+ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); 4168+ // END android-removed 4169 } 4170 } 4171 } 4172diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 4173--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2015-03-01 12:03:02.000000000 +0000 4174+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2015-04-09 13:10:16.000000000 +0000 4175@@ -62,8 +62,10 @@ 4176 import org.bouncycastle.asn1.DEROutputStream; 4177 import org.bouncycastle.asn1.DERSequence; 4178 import org.bouncycastle.asn1.DERSet; 4179-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 4180-import org.bouncycastle.asn1.cryptopro.GOST28147Parameters; 4181+// BEGIN android-removed 4182+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 4183+// import org.bouncycastle.asn1.cryptopro.GOST28147Parameters; 4184+// END android-removed 4185 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 4186 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; 4187 import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; 4188@@ -89,7 +91,9 @@ 4189 import org.bouncycastle.crypto.digests.SHA1Digest; 4190 import org.bouncycastle.jcajce.PKCS12StoreParameter; 4191 import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; 4192-import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; 4193+// BEGIN android-removed 4194+// import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; 4195+// END android-removed 4196 import org.bouncycastle.jcajce.spec.PBKDF2KeySpec; 4197 import org.bouncycastle.jcajce.util.BCJcaJceHelper; 4198 import org.bouncycastle.jcajce.util.JcaJceHelper; 4199@@ -753,13 +757,15 @@ 4200 { 4201 cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets())); 4202 } 4203- else 4204- { 4205- // TODO: at the moment it's just GOST, but... 4206- GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); 4207- 4208- cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); 4209- } 4210+ // BEGIN android-removed 4211+ // else 4212+ // { 4213+ // // TODO: at the moment it's just GOST, but... 4214+ // GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); 4215+ // 4216+ // cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); 4217+ // } 4218+ // END android-removed 4219 return cipher; 4220 } 4221 4222@@ -1680,33 +1686,34 @@ 4223 super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); 4224 } 4225 } 4226- 4227- public static class BCPKCS12KeyStore3DES 4228- extends PKCS12KeyStoreSpi 4229- { 4230- public BCPKCS12KeyStore3DES() 4231- { 4232- super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); 4233- } 4234- } 4235- 4236- public static class DefPKCS12KeyStore 4237- extends PKCS12KeyStoreSpi 4238- { 4239- public DefPKCS12KeyStore() 4240- { 4241- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); 4242- } 4243- } 4244- 4245- public static class DefPKCS12KeyStore3DES 4246- extends PKCS12KeyStoreSpi 4247- { 4248- public DefPKCS12KeyStore3DES() 4249- { 4250- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); 4251- } 4252- } 4253+ // BEGIN android-removed 4254+ // public static class BCPKCS12KeyStore3DES 4255+ // extends PKCS12KeyStoreSpi 4256+ // { 4257+ // public BCPKCS12KeyStore3DES() 4258+ // { 4259+ // super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); 4260+ // } 4261+ // } 4262+ // 4263+ // public static class DefPKCS12KeyStore 4264+ // extends PKCS12KeyStoreSpi 4265+ // { 4266+ // public DefPKCS12KeyStore() 4267+ // { 4268+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); 4269+ // } 4270+ // } 4271+ // 4272+ // public static class DefPKCS12KeyStore3DES 4273+ // extends PKCS12KeyStoreSpi 4274+ // { 4275+ // public DefPKCS12KeyStore3DES() 4276+ // { 4277+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); 4278+ // } 4279+ // } 4280+ // END android-removed 4281 4282 private static class IgnoresCaseHashtable 4283 { 4284@@ -1779,7 +1786,9 @@ 4285 keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); 4286 keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); 4287 4288- keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256)); 4289+ // BEGIN android-removed 4290+ // keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256)); 4291+ // END android-removed 4292 4293 KEY_SIZES = Collections.unmodifiableMap(keySizes); 4294 } 4295diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/AES.java 4296--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2015-03-01 12:03:02.000000000 +0000 4297+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/AES.java 2015-07-22 00:42:46.000000000 +0000 4298@@ -3,16 +3,28 @@ 4299 import java.io.IOException; 4300 import java.lang.reflect.Constructor; 4301 import java.lang.reflect.Method; 4302-import java.security.AlgorithmParameters; 4303-import java.security.InvalidAlgorithmParameterException; 4304+// BEGIN android-added 4305+import java.security.NoSuchAlgorithmException; 4306+// END android-added 4307+// BEGIN android-removed 4308+// import java.security.AlgorithmParameters; 4309+// import java.security.InvalidAlgorithmParameterException; 4310+// END android-removed 4311 import java.security.SecureRandom; 4312 import java.security.spec.AlgorithmParameterSpec; 4313 import java.security.spec.InvalidParameterSpecException; 4314 4315-import javax.crypto.spec.IvParameterSpec; 4316- 4317+// BEGIN android-removed 4318+// import javax.crypto.spec.IvParameterSpec; 4319+// END android-removed 4320+ 4321+// BEGIN android-added 4322+import javax.crypto.NoSuchPaddingException; 4323+// END android-added 4324 import org.bouncycastle.asn1.bc.BCObjectIdentifiers; 4325-import org.bouncycastle.asn1.cms.CCMParameters; 4326+// BEGIN android-removed 4327+// import org.bouncycastle.asn1.cms.CCMParameters; 4328+// END android-removed 4329 import org.bouncycastle.asn1.cms.GCMParameters; 4330 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 4331 import org.bouncycastle.crypto.BlockCipher; 4332@@ -20,22 +32,30 @@ 4333 import org.bouncycastle.crypto.CipherKeyGenerator; 4334 import org.bouncycastle.crypto.engines.AESFastEngine; 4335 import org.bouncycastle.crypto.engines.AESWrapEngine; 4336-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 4337-import org.bouncycastle.crypto.engines.RFC5649WrapEngine; 4338-import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; 4339-import org.bouncycastle.crypto.macs.CMac; 4340-import org.bouncycastle.crypto.macs.GMac; 4341+// BEGIN android-removed 4342+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 4343+// import org.bouncycastle.crypto.engines.RFC5649WrapEngine; 4344+// import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; 4345+// import org.bouncycastle.crypto.macs.CMac; 4346+// import org.bouncycastle.crypto.macs.GMac; 4347+// END android-removed 4348 import org.bouncycastle.crypto.modes.CBCBlockCipher; 4349-import org.bouncycastle.crypto.modes.CCMBlockCipher; 4350+// BEGIN android-removed 4351+// import org.bouncycastle.crypto.modes.CCMBlockCipher; 4352+// END android-removed 4353 import org.bouncycastle.crypto.modes.CFBBlockCipher; 4354 import org.bouncycastle.crypto.modes.GCMBlockCipher; 4355 import org.bouncycastle.crypto.modes.OFBBlockCipher; 4356 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 4357-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 4358+// BEGIN android-removed 4359+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 4360+// END android-removed 4361 import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; 4362 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; 4363 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 4364-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 4365+// BEGIN android-removed 4366+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 4367+// END android-removed 4368 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; 4369 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; 4370 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; 4371@@ -98,53 +118,64 @@ 4372 public GCM() 4373 { 4374 super(new GCMBlockCipher(new AESFastEngine())); 4375+ // BEGIN android-added 4376+ try { 4377+ engineSetMode("GCM"); 4378+ engineSetPadding("NoPadding"); 4379+ } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { 4380+ // this should not be possible 4381+ throw new RuntimeException("Could not set mode or padding for GCM mode", e); 4382+ } 4383+ // END android-added 4384 } 4385 } 4386 4387- static public class CCM 4388- extends BaseBlockCipher 4389- { 4390- public CCM() 4391- { 4392- super(new CCMBlockCipher(new AESFastEngine())); 4393- } 4394- } 4395- 4396- public static class AESCMAC 4397- extends BaseMac 4398- { 4399- public AESCMAC() 4400- { 4401- super(new CMac(new AESFastEngine())); 4402- } 4403- } 4404- 4405- public static class AESGMAC 4406- extends BaseMac 4407- { 4408- public AESGMAC() 4409- { 4410- super(new GMac(new GCMBlockCipher(new AESFastEngine()))); 4411- } 4412- } 4413- 4414- public static class Poly1305 4415- extends BaseMac 4416- { 4417- public Poly1305() 4418- { 4419- super(new org.bouncycastle.crypto.macs.Poly1305(new AESFastEngine())); 4420- } 4421- } 4422- 4423- public static class Poly1305KeyGen 4424- extends BaseKeyGenerator 4425- { 4426- public Poly1305KeyGen() 4427- { 4428- super("Poly1305-AES", 256, new Poly1305KeyGenerator()); 4429- } 4430- } 4431+ // BEGIN android-removed 4432+ // static public class CCM 4433+ // extends BaseBlockCipher 4434+ // { 4435+ // public CCM() 4436+ // { 4437+ // super(new CCMBlockCipher(new AESFastEngine())); 4438+ // } 4439+ // } 4440+ // 4441+ // public static class AESCMAC 4442+ // extends BaseMac 4443+ // { 4444+ // public AESCMAC() 4445+ // { 4446+ // super(new CMac(new AESFastEngine())); 4447+ // } 4448+ // } 4449+ // 4450+ // public static class AESGMAC 4451+ // extends BaseMac 4452+ // { 4453+ // public AESGMAC() 4454+ // { 4455+ // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); 4456+ // } 4457+ // } 4458+ // 4459+ // public static class Poly1305 4460+ // extends BaseMac 4461+ // { 4462+ // public Poly1305() 4463+ // { 4464+ // super(new org.bouncycastle.crypto.macs.Poly1305(new AESFastEngine())); 4465+ // } 4466+ // } 4467+ // 4468+ // public static class Poly1305KeyGen 4469+ // extends BaseKeyGenerator 4470+ // { 4471+ // public Poly1305KeyGen() 4472+ // { 4473+ // super("Poly1305-AES", 256, new Poly1305KeyGenerator()); 4474+ // } 4475+ // } 4476+ // END android-removed 4477 4478 static public class Wrap 4479 extends BaseWrapCipher 4480@@ -155,23 +186,25 @@ 4481 } 4482 } 4483 4484- public static class RFC3211Wrap 4485- extends BaseWrapCipher 4486- { 4487- public RFC3211Wrap() 4488- { 4489- super(new RFC3211WrapEngine(new AESFastEngine()), 16); 4490- } 4491- } 4492- 4493- public static class RFC5649Wrap 4494- extends BaseWrapCipher 4495- { 4496- public RFC5649Wrap() 4497- { 4498- super(new RFC5649WrapEngine(new AESFastEngine())); 4499- } 4500- } 4501+ // BEGIN android-removed 4502+ // public static class RFC3211Wrap 4503+ // extends BaseWrapCipher 4504+ // { 4505+ // public RFC3211Wrap() 4506+ // { 4507+ // super(new RFC3211WrapEngine(new AESFastEngine()), 16); 4508+ // } 4509+ // } 4510+ // 4511+ // public static class RFC5649Wrap 4512+ // extends BaseWrapCipher 4513+ // { 4514+ // public RFC5649Wrap() 4515+ // { 4516+ // super(new RFC5649WrapEngine(new AESFastEngine())); 4517+ // } 4518+ // } 4519+ // END android-removed 4520 4521 /** 4522 * PBEWithAES-CBC 4523@@ -190,7 +223,9 @@ 4524 { 4525 public KeyGen() 4526 { 4527- this(192); 4528+ // BEGIN android-changed 4529+ this(128); 4530+ // END android-changed 4531 } 4532 4533 public KeyGen(int keySize) 4534@@ -199,32 +234,34 @@ 4535 } 4536 } 4537 4538- public static class KeyGen128 4539- extends KeyGen 4540- { 4541- public KeyGen128() 4542- { 4543- super(128); 4544- } 4545- } 4546- 4547- public static class KeyGen192 4548- extends KeyGen 4549- { 4550- public KeyGen192() 4551- { 4552- super(192); 4553- } 4554- } 4555- 4556- public static class KeyGen256 4557- extends KeyGen 4558- { 4559- public KeyGen256() 4560- { 4561- super(256); 4562- } 4563- } 4564+ // BEGIN android-removed 4565+ // public static class KeyGen128 4566+ // extends KeyGen 4567+ // { 4568+ // public KeyGen128() 4569+ // { 4570+ // super(128); 4571+ // } 4572+ // } 4573+ // 4574+ // public static class KeyGen192 4575+ // extends KeyGen 4576+ // { 4577+ // public KeyGen192() 4578+ // { 4579+ // super(192); 4580+ // } 4581+ // } 4582+ // 4583+ // public static class KeyGen256 4584+ // extends KeyGen 4585+ // { 4586+ // public KeyGen256() 4587+ // { 4588+ // super(256); 4589+ // } 4590+ // } 4591+ // END android-removed 4592 4593 /** 4594 * PBEWithSHA1And128BitAES-BC 4595@@ -334,119 +371,121 @@ 4596 } 4597 } 4598 4599- public static class AlgParamGen 4600- extends BaseAlgorithmParameterGenerator 4601- { 4602- protected void engineInit( 4603- AlgorithmParameterSpec genParamSpec, 4604- SecureRandom random) 4605- throws InvalidAlgorithmParameterException 4606- { 4607- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4608- } 4609- 4610- protected AlgorithmParameters engineGenerateParameters() 4611- { 4612- byte[] iv = new byte[16]; 4613- 4614- if (random == null) 4615- { 4616- random = new SecureRandom(); 4617- } 4618- 4619- random.nextBytes(iv); 4620- 4621- AlgorithmParameters params; 4622- 4623- try 4624- { 4625- params = createParametersInstance("AES"); 4626- params.init(new IvParameterSpec(iv)); 4627- } 4628- catch (Exception e) 4629- { 4630- throw new RuntimeException(e.getMessage()); 4631- } 4632- 4633- return params; 4634- } 4635- } 4636- 4637- public static class AlgParamGenCCM 4638- extends BaseAlgorithmParameterGenerator 4639- { 4640- protected void engineInit( 4641- AlgorithmParameterSpec genParamSpec, 4642- SecureRandom random) 4643- throws InvalidAlgorithmParameterException 4644- { 4645- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4646- } 4647- 4648- protected AlgorithmParameters engineGenerateParameters() 4649- { 4650- byte[] iv = new byte[12]; 4651- 4652- if (random == null) 4653- { 4654- random = new SecureRandom(); 4655- } 4656- 4657- random.nextBytes(iv); 4658- 4659- AlgorithmParameters params; 4660- 4661- try 4662- { 4663- params = createParametersInstance("CCM"); 4664- params.init(new CCMParameters(iv, 12).getEncoded()); 4665- } 4666- catch (Exception e) 4667- { 4668- throw new RuntimeException(e.getMessage()); 4669- } 4670- 4671- return params; 4672- } 4673- } 4674- 4675- public static class AlgParamGenGCM 4676- extends BaseAlgorithmParameterGenerator 4677- { 4678- protected void engineInit( 4679- AlgorithmParameterSpec genParamSpec, 4680- SecureRandom random) 4681- throws InvalidAlgorithmParameterException 4682- { 4683- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4684- } 4685- 4686- protected AlgorithmParameters engineGenerateParameters() 4687- { 4688- byte[] nonce = new byte[12]; 4689- 4690- if (random == null) 4691- { 4692- random = new SecureRandom(); 4693- } 4694- 4695- random.nextBytes(nonce); 4696- 4697- AlgorithmParameters params; 4698- 4699- try 4700- { 4701- params = createParametersInstance("GCM"); 4702- params.init(new GCMParameters(nonce, 12).getEncoded()); 4703- } 4704- catch (Exception e) 4705- { 4706- throw new RuntimeException(e.getMessage()); 4707- } 4708- 4709- return params; 4710- } 4711- } 4712+ // BEGIN android-removed 4713+ // public static class AlgParamGen 4714+ // extends BaseAlgorithmParameterGenerator 4715+ // { 4716+ // protected void engineInit( 4717+ // AlgorithmParameterSpec genParamSpec, 4718+ // SecureRandom random) 4719+ // throws InvalidAlgorithmParameterException 4720+ // { 4721+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4722+ // } 4723+ // 4724+ // protected AlgorithmParameters engineGenerateParameters() 4725+ // { 4726+ // byte[] iv = new byte[16]; 4727+ // 4728+ // if (random == null) 4729+ // { 4730+ // random = new SecureRandom(); 4731+ // } 4732+ // 4733+ // random.nextBytes(iv); 4734+ // 4735+ // AlgorithmParameters params; 4736+ // 4737+ // try 4738+ // { 4739+ // params = createParametersInstance("AES"); 4740+ // params.init(new IvParameterSpec(iv)); 4741+ // } 4742+ // catch (Exception e) 4743+ // { 4744+ // throw new RuntimeException(e.getMessage()); 4745+ // } 4746+ // 4747+ // return params; 4748+ // } 4749+ // } 4750+ // 4751+ // public static class AlgParamGenCCM 4752+ // extends BaseAlgorithmParameterGenerator 4753+ // { 4754+ // protected void engineInit( 4755+ // AlgorithmParameterSpec genParamSpec, 4756+ // SecureRandom random) 4757+ // throws InvalidAlgorithmParameterException 4758+ // { 4759+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4760+ // } 4761+ // 4762+ // protected AlgorithmParameters engineGenerateParameters() 4763+ // { 4764+ // byte[] iv = new byte[12]; 4765+ // 4766+ // if (random == null) 4767+ // { 4768+ // random = new SecureRandom(); 4769+ // } 4770+ // 4771+ // random.nextBytes(iv); 4772+ // 4773+ // AlgorithmParameters params; 4774+ // 4775+ // try 4776+ // { 4777+ // params = createParametersInstance("CCM"); 4778+ // params.init(new CCMParameters(iv, 12).getEncoded()); 4779+ // } 4780+ // catch (Exception e) 4781+ // { 4782+ // throw new RuntimeException(e.getMessage()); 4783+ // } 4784+ // 4785+ // return params; 4786+ // } 4787+ // } 4788+ // 4789+ // public static class AlgParamGenGCM 4790+ // extends BaseAlgorithmParameterGenerator 4791+ // { 4792+ // protected void engineInit( 4793+ // AlgorithmParameterSpec genParamSpec, 4794+ // SecureRandom random) 4795+ // throws InvalidAlgorithmParameterException 4796+ // { 4797+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); 4798+ // } 4799+ // 4800+ // protected AlgorithmParameters engineGenerateParameters() 4801+ // { 4802+ // byte[] nonce = new byte[12]; 4803+ // 4804+ // if (random == null) 4805+ // { 4806+ // random = new SecureRandom(); 4807+ // } 4808+ // 4809+ // random.nextBytes(nonce); 4810+ // 4811+ // AlgorithmParameters params; 4812+ // 4813+ // try 4814+ // { 4815+ // params = createParametersInstance("GCM"); 4816+ // params.init(new GCMParameters(nonce, 12).getEncoded()); 4817+ // } 4818+ // catch (Exception e) 4819+ // { 4820+ // throw new RuntimeException(e.getMessage()); 4821+ // } 4822+ // 4823+ // return params; 4824+ // } 4825+ // } 4826+ // END android-removed 4827 4828 public static class AlgParams 4829 extends IvAlgorithmParameters 4830@@ -545,80 +584,82 @@ 4831 } 4832 } 4833 4834- public static class AlgParamsCCM 4835- extends BaseAlgorithmParameters 4836- { 4837- private CCMParameters ccmParams; 4838- 4839- protected void engineInit(AlgorithmParameterSpec paramSpec) 4840- throws InvalidParameterSpecException 4841- { 4842- throw new InvalidParameterSpecException("No supported AlgorithmParameterSpec for AES parameter generation."); 4843- } 4844- 4845- protected void engineInit(byte[] params) 4846- throws IOException 4847- { 4848- ccmParams = CCMParameters.getInstance(params); 4849- } 4850- 4851- protected void engineInit(byte[] params, String format) 4852- throws IOException 4853- { 4854- if (!isASN1FormatString(format)) 4855- { 4856- throw new IOException("unknown format specified"); 4857- } 4858- 4859- ccmParams = CCMParameters.getInstance(params); 4860- } 4861- 4862- protected byte[] engineGetEncoded() 4863- throws IOException 4864- { 4865- return ccmParams.getEncoded(); 4866- } 4867- 4868- protected byte[] engineGetEncoded(String format) 4869- throws IOException 4870- { 4871- if (!isASN1FormatString(format)) 4872- { 4873- throw new IOException("unknown format specified"); 4874- } 4875- 4876- return ccmParams.getEncoded(); 4877- } 4878- 4879- protected String engineToString() 4880- { 4881- return "CCM"; 4882- } 4883- 4884- protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) 4885- throws InvalidParameterSpecException 4886- { 4887- if (gcmSpecClass != null) 4888- { 4889- try 4890- { 4891- Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class }); 4892- 4893- return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(ccmParams.getIcvLen() * 8), ccmParams.getNonce() }); 4894- } 4895- catch (NoSuchMethodException e) 4896- { 4897- throw new InvalidParameterSpecException("no constructor found!"); // should never happen 4898- } 4899- catch (Exception e) 4900- { 4901- throw new InvalidParameterSpecException("construction failed: " + e.getMessage()); // should never happen 4902- } 4903- } 4904- 4905- throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName()); 4906- } 4907- } 4908+ // BEGIN android-removed 4909+ // public static class AlgParamsCCM 4910+ // extends BaseAlgorithmParameters 4911+ // { 4912+ // private CCMParameters ccmParams; 4913+ // 4914+ // protected void engineInit(AlgorithmParameterSpec paramSpec) 4915+ // throws InvalidParameterSpecException 4916+ // { 4917+ // throw new InvalidParameterSpecException("No supported AlgorithmParameterSpec for AES parameter generation."); 4918+ // } 4919+ // 4920+ // protected void engineInit(byte[] params) 4921+ // throws IOException 4922+ // { 4923+ // ccmParams = CCMParameters.getInstance(params); 4924+ // } 4925+ // 4926+ // protected void engineInit(byte[] params, String format) 4927+ // throws IOException 4928+ // { 4929+ // if (!isASN1FormatString(format)) 4930+ // { 4931+ // throw new IOException("unknown format specified"); 4932+ // } 4933+ // 4934+ // ccmParams = CCMParameters.getInstance(params); 4935+ // } 4936+ // 4937+ // protected byte[] engineGetEncoded() 4938+ // throws IOException 4939+ // { 4940+ // return ccmParams.getEncoded(); 4941+ // } 4942+ // 4943+ // protected byte[] engineGetEncoded(String format) 4944+ // throws IOException 4945+ // { 4946+ // if (!isASN1FormatString(format)) 4947+ // { 4948+ // throw new IOException("unknown format specified"); 4949+ // } 4950+ // 4951+ // return ccmParams.getEncoded(); 4952+ // } 4953+ // 4954+ // protected String engineToString() 4955+ // { 4956+ // return "CCM"; 4957+ // } 4958+ // 4959+ // protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) 4960+ // throws InvalidParameterSpecException 4961+ // { 4962+ // if (gcmSpecClass != null) 4963+ // { 4964+ // try 4965+ // { 4966+ // Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class }); 4967+ // 4968+ // return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(ccmParams.getIcvLen() * 8), ccmParams.getNonce() }); 4969+ // } 4970+ // catch (NoSuchMethodException e) 4971+ // { 4972+ // throw new InvalidParameterSpecException("no constructor found!"); // should never happen 4973+ // } 4974+ // catch (Exception e) 4975+ // { 4976+ // throw new InvalidParameterSpecException("construction failed: " + e.getMessage()); // should never happen 4977+ // } 4978+ // } 4979+ // 4980+ // throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName()); 4981+ // } 4982+ // } 4983+ // END android-removed 4984 4985 public static class Mappings 4986 extends SymmetricAlgorithmProvider 4987@@ -652,92 +693,101 @@ 4988 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); 4989 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); 4990 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); 4991- 4992- provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM"); 4993- provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 4994- provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 4995- provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 4996- 4997- provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); 4998- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); 4999- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); 5000- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); 5001- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); 5002- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); 5003- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); 5004+ // BEGIN android-removed 5005+ // provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM"); 5006+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 5007+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 5008+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 5009+ // 5010+ // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); 5011+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); 5012+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); 5013+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); 5014+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); 5015+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); 5016+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); 5017+ // END android-removed 5018 5019 provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); 5020 provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); 5021 provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); 5022 provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); 5023- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); 5024- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); 5025- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); 5026- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); 5027- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); 5028- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); 5029- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); 5030- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); 5031- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); 5032- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); 5033- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); 5034- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); 5035+ // BEGIN android-removed 5036+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); 5037+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); 5038+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); 5039+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); 5040+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); 5041+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); 5042+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); 5043+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); 5044+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); 5045+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); 5046+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); 5047+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); 5048+ // END android-removed 5049 provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); 5050 provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); 5051 provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); 5052 provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); 5053 5054- provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); 5055- provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap"); 5056- 5057- provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM"); 5058- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 5059- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 5060- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 5061- 5062- provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM"); 5063- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 5064- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 5065- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 5066- 5067- provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM"); 5068- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); 5069- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); 5070- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); 5071- 5072- provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM"); 5073- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); 5074- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); 5075- provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); 5076+ // BEGIN android-removed 5077+ // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); 5078+ // provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap"); 5079+ // 5080+ // provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM"); 5081+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 5082+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 5083+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 5084+ // 5085+ // provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM"); 5086+ // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CCM, "CCM"); 5087+ // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 5088+ // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); 5089+ // 5090+ // provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM"); 5091+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); 5092+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); 5093+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); 5094+ // END android-removed 5095+ 5096+ // BEGIN android-changed 5097+ provider.addAlgorithm("Cipher.AES/GCM/NOPADDING", PREFIX + "$GCM"); 5098+ provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "AES/GCM/NOPADDING"); 5099+ provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "AES/GCM/NOPADDING"); 5100+ provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "AES/GCM/NOPADDING"); 5101+ // END android-changed 5102 5103 provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); 5104- provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); 5105- provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); 5106- provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); 5107- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); 5108- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); 5109- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); 5110- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); 5111- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); 5112- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); 5113- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); 5114- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); 5115- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); 5116- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); 5117- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); 5118- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); 5119- provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); 5120- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); 5121- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); 5122- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); 5123- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128"); 5124- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192"); 5125- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256"); 5126- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128"); 5127- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192"); 5128- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256"); 5129- 5130- provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); 5131+ // BEGIN android-removed 5132+ // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); 5133+ // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); 5134+ // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); 5135+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); 5136+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); 5137+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); 5138+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); 5139+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); 5140+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); 5141+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); 5142+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); 5143+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); 5144+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); 5145+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); 5146+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); 5147+ // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); 5148+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); 5149+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); 5150+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); 5151+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128"); 5152+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192"); 5153+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256"); 5154+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128"); 5155+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192"); 5156+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256"); 5157+ // 5158+ // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); 5159+ // END android-removed 5160 5161 provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); 5162 provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); 5163@@ -816,8 +866,10 @@ 5164 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); 5165 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); 5166 5167- addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); 5168- addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); 5169+ // BEGIN android-removed 5170+ // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); 5171+ // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); 5172+ // END android-removed 5173 } 5174 } 5175 5176diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 5177--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2015-03-01 12:03:02.000000000 +0000 5178+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-05-25 02:14:15.000000000 +0000 5179@@ -29,7 +29,9 @@ 5180 { 5181 public KeyGen() 5182 { 5183- super("RC4", 128, new CipherKeyGenerator()); 5184+ // BEGIN android-changed 5185+ super("ARC4", 128, new CipherKeyGenerator()); 5186+ // END android-changed 5187 } 5188 } 5189 5190diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 5191--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2015-03-01 12:03:02.000000000 +0000 5192+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-17 23:04:47.000000000 +0000 5193@@ -64,7 +64,9 @@ 5194 { 5195 5196 provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); 5197- provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); 5198+ // BEGIN android-removed 5199+ // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); 5200+ // END android-removed 5201 provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); 5202 provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); 5203 provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); 5204diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DES.java 5205--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2015-03-01 12:03:02.000000000 +0000 5206+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DES.java 2015-04-09 13:10:16.000000000 +0000 5207@@ -19,12 +19,16 @@ 5208 import org.bouncycastle.crypto.CipherParameters; 5209 import org.bouncycastle.crypto.KeyGenerationParameters; 5210 import org.bouncycastle.crypto.engines.DESEngine; 5211-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 5212+// BEGIN android-removed 5213+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 5214+// END android-removed 5215 import org.bouncycastle.crypto.generators.DESKeyGenerator; 5216 import org.bouncycastle.crypto.macs.CBCBlockCipherMac; 5217-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5218-import org.bouncycastle.crypto.macs.CMac; 5219-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; 5220+// BEGIN android-removed 5221+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5222+// import org.bouncycastle.crypto.macs.CMac; 5223+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; 5224+// END android-removed 5225 import org.bouncycastle.crypto.modes.CBCBlockCipher; 5226 import org.bouncycastle.crypto.paddings.ISO7816d4Padding; 5227 import org.bouncycastle.crypto.params.DESParameters; 5228@@ -65,17 +69,19 @@ 5229 } 5230 } 5231 5232- /** 5233- * DES CFB8 5234- */ 5235- public static class DESCFB8 5236- extends BaseMac 5237- { 5238- public DESCFB8() 5239- { 5240- super(new CFBBlockCipherMac(new DESEngine())); 5241- } 5242- } 5243+ // BEGIN android-removed 5244+ // /** 5245+ // * DES CFB8 5246+ // */ 5247+ // public static class DESCFB8 5248+ // extends BaseMac 5249+ // { 5250+ // public DESCFB8() 5251+ // { 5252+ // super(new CFBBlockCipherMac(new DESEngine())); 5253+ // } 5254+ // } 5255+ // END android-removed 5256 5257 /** 5258 * DES64 5259@@ -110,47 +116,49 @@ 5260 } 5261 } 5262 5263- static public class CMAC 5264- extends BaseMac 5265- { 5266- public CMAC() 5267- { 5268- super(new CMac(new DESEngine())); 5269- } 5270- } 5271- 5272- /** 5273- * DES9797Alg3with7816-4Padding 5274- */ 5275- public static class DES9797Alg3with7816d4 5276- extends BaseMac 5277- { 5278- public DES9797Alg3with7816d4() 5279- { 5280- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); 5281- } 5282- } 5283- 5284- /** 5285- * DES9797Alg3 5286- */ 5287- public static class DES9797Alg3 5288- extends BaseMac 5289- { 5290- public DES9797Alg3() 5291- { 5292- super(new ISO9797Alg3Mac(new DESEngine())); 5293- } 5294- } 5295- 5296- public static class RFC3211 5297- extends BaseWrapCipher 5298- { 5299- public RFC3211() 5300- { 5301- super(new RFC3211WrapEngine(new DESEngine()), 8); 5302- } 5303- } 5304+ // BEGIN android-removed 5305+ // static public class CMAC 5306+ // extends BaseMac 5307+ // { 5308+ // public CMAC() 5309+ // { 5310+ // super(new CMac(new DESEngine())); 5311+ // } 5312+ // } 5313+ // 5314+ // /** 5315+ // * DES9797Alg3with7816-4Padding 5316+ // */ 5317+ // public static class DES9797Alg3with7816d4 5318+ // extends BaseMac 5319+ // { 5320+ // public DES9797Alg3with7816d4() 5321+ // { 5322+ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); 5323+ // } 5324+ // } 5325+ // 5326+ // /** 5327+ // * DES9797Alg3 5328+ // */ 5329+ // public static class DES9797Alg3 5330+ // extends BaseMac 5331+ // { 5332+ // public DES9797Alg3() 5333+ // { 5334+ // super(new ISO9797Alg3Mac(new DESEngine())); 5335+ // } 5336+ // } 5337+ // 5338+ // public static class RFC3211 5339+ // extends BaseWrapCipher 5340+ // { 5341+ // public RFC3211() 5342+ // { 5343+ // super(new RFC3211WrapEngine(new DESEngine()), 8); 5344+ // } 5345+ // } 5346+ // END android-removed 5347 5348 public static class AlgParamGen 5349 extends BaseAlgorithmParameterGenerator 5350@@ -350,17 +358,19 @@ 5351 } 5352 } 5353 5354- /** 5355- * PBEWithMD2AndDES 5356- */ 5357- static public class PBEWithMD2KeyFactory 5358- extends DESPBEKeyFactory 5359- { 5360- public PBEWithMD2KeyFactory() 5361- { 5362- super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); 5363- } 5364- } 5365+ // BEGIN android-removed 5366+ // /** 5367+ // * PBEWithMD2AndDES 5368+ // */ 5369+ // static public class PBEWithMD2KeyFactory 5370+ // extends DESPBEKeyFactory 5371+ // { 5372+ // public PBEWithMD2KeyFactory() 5373+ // { 5374+ // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); 5375+ // } 5376+ // } 5377+ // END android-removed 5378 5379 /** 5380 * PBEWithMD5AndDES 5381@@ -386,17 +396,19 @@ 5382 } 5383 } 5384 5385- /** 5386- * PBEWithMD2AndDES 5387- */ 5388- static public class PBEWithMD2 5389- extends BaseBlockCipher 5390- { 5391- public PBEWithMD2() 5392- { 5393- super(new CBCBlockCipher(new DESEngine())); 5394- } 5395- } 5396+ // BEGIN android-removed 5397+ // /** 5398+ // * PBEWithMD2AndDES 5399+ // */ 5400+ // static public class PBEWithMD2 5401+ // extends BaseBlockCipher 5402+ // { 5403+ // public PBEWithMD2() 5404+ // { 5405+ // super(new CBCBlockCipher(new DESEngine())); 5406+ // } 5407+ // } 5408+ // END android-removed 5409 5410 /** 5411 * PBEWithMD5AndDES 5412@@ -436,61 +448,75 @@ 5413 { 5414 5415 provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); 5416- provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); 5417- 5418- addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); 5419- 5420- provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); 5421+ // BEGIN android-removed 5422+ // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); 5423+ // 5424+ // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); 5425+ // 5426+ // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); 5427+ // END android-removed 5428 5429 provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); 5430 5431 provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); 5432 5433- provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); 5434- provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); 5435- provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); 5436- 5437- provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); 5438- provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); 5439- 5440- provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); 5441- provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); 5442- 5443- provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); 5444- provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5445- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5446- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5447- 5448- provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); 5449- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); 5450- 5451- provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); 5452- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); 5453- provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); 5454- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); 5455+ // BEGIN android-removed 5456+ // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); 5457+ // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); 5458+ // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); 5459+ // 5460+ // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); 5461+ // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); 5462+ // 5463+ // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); 5464+ // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); 5465+ // 5466+ // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); 5467+ // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5468+ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5469+ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); 5470+ // 5471+ // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); 5472+ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); 5473+ // 5474+ // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); 5475+ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); 5476+ // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); 5477+ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); 5478+ // END android-removed 5479 5480 provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); 5481 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); 5482 5483- provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); 5484- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); 5485- 5486- provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); 5487+ // BEGIN android-removed 5488+ // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); 5489+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); 5490+ // 5491+ // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); 5492+ // END android-removed 5493 provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); 5494 provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); 5495 5496- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); 5497+ // BEGIN android-removed 5498+ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); 5499+ // END android-removed 5500 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); 5501 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); 5502 5503- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); 5504+ // BEGIN android-removed 5505+ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); 5506+ // END android-removed 5507 provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); 5508 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); 5509 5510- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); 5511+ // BEGIN android-removed 5512+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); 5513+ // END android-removed 5514 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); 5515 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); 5516- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); 5517+ // BEGIN android-removed 5518+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); 5519+ // END android-removed 5520 provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); 5521 provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); 5522 } 5523diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DESede.java 5524--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2015-03-01 12:03:02.000000000 +0000 5525+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2015-04-09 13:10:16.000000000 +0000 5526@@ -1,30 +1,42 @@ 5527 package org.bouncycastle.jcajce.provider.symmetric; 5528 5529-import java.security.AlgorithmParameters; 5530-import java.security.InvalidAlgorithmParameterException; 5531+// BEGIN android-removed 5532+// import java.security.AlgorithmParameters; 5533+// import java.security.InvalidAlgorithmParameterException; 5534+// END android-removed 5535 import java.security.SecureRandom; 5536-import java.security.spec.AlgorithmParameterSpec; 5537+// BEGIN android-removed 5538+// import java.security.spec.AlgorithmParameterSpec; 5539+// END android-removed 5540 import java.security.spec.InvalidKeySpecException; 5541 import java.security.spec.KeySpec; 5542 5543 import javax.crypto.SecretKey; 5544 import javax.crypto.spec.DESedeKeySpec; 5545-import javax.crypto.spec.IvParameterSpec; 5546+// BEGIN android-removed 5547+// import javax.crypto.spec.IvParameterSpec; 5548+// END android-removed 5549 import javax.crypto.spec.SecretKeySpec; 5550 5551 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 5552 import org.bouncycastle.crypto.KeyGenerationParameters; 5553 import org.bouncycastle.crypto.engines.DESedeEngine; 5554 import org.bouncycastle.crypto.engines.DESedeWrapEngine; 5555-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 5556+// BEGIN android-removed 5557+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; 5558+// END android-removed 5559 import org.bouncycastle.crypto.generators.DESedeKeyGenerator; 5560 import org.bouncycastle.crypto.macs.CBCBlockCipherMac; 5561-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5562-import org.bouncycastle.crypto.macs.CMac; 5563+// BEGIN android-removed 5564+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5565+// import org.bouncycastle.crypto.macs.CMac; 5566+// END android-removed 5567 import org.bouncycastle.crypto.modes.CBCBlockCipher; 5568 import org.bouncycastle.crypto.paddings.ISO7816d4Padding; 5569 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 5570-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 5571+// BEGIN android-removed 5572+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 5573+// END android-removed 5574 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; 5575 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 5576 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 5577@@ -56,17 +68,19 @@ 5578 } 5579 } 5580 5581- /** 5582- * DESede CFB8 5583- */ 5584- public static class DESedeCFB8 5585- extends BaseMac 5586- { 5587- public DESedeCFB8() 5588- { 5589- super(new CFBBlockCipherMac(new DESedeEngine())); 5590- } 5591- } 5592+ // BEGIN android-removed 5593+ // /** 5594+ // * DESede CFB8 5595+ // */ 5596+ // public static class DESedeCFB8 5597+ // extends BaseMac 5598+ // { 5599+ // public DESedeCFB8() 5600+ // { 5601+ // super(new CFBBlockCipherMac(new DESedeEngine())); 5602+ // } 5603+ // } 5604+ // END android-removed 5605 5606 /** 5607 * DESede64 5608@@ -101,15 +115,17 @@ 5609 } 5610 } 5611 5612- static public class CMAC 5613- extends BaseMac 5614- { 5615- public CMAC() 5616- { 5617- super(new CMac(new DESedeEngine())); 5618- } 5619- } 5620- 5621+ // BEGIN android-removed 5622+ // static public class CMAC 5623+ // extends BaseMac 5624+ // { 5625+ // public CMAC() 5626+ // { 5627+ // super(new CMac(new DESedeEngine())); 5628+ // } 5629+ // } 5630+ // END android-removed 5631+ 5632 public static class Wrap 5633 extends BaseWrapCipher 5634 { 5635@@ -118,15 +134,17 @@ 5636 super(new DESedeWrapEngine()); 5637 } 5638 } 5639- 5640- public static class RFC3211 5641- extends BaseWrapCipher 5642- { 5643- public RFC3211() 5644- { 5645- super(new RFC3211WrapEngine(new DESedeEngine()), 8); 5646- } 5647- } 5648+ 5649+ // BEGIN android-removed 5650+ // public static class RFC3211 5651+ // extends BaseWrapCipher 5652+ // { 5653+ // public RFC3211() 5654+ // { 5655+ // super(new RFC3211WrapEngine(new DESedeEngine()), 8); 5656+ // } 5657+ // } 5658+ // END android-removed 5659 5660 /** 5661 * DESede - the default for this is to generate a key in 5662@@ -240,43 +258,45 @@ 5663 } 5664 } 5665 5666- public static class AlgParamGen 5667- extends BaseAlgorithmParameterGenerator 5668- { 5669- protected void engineInit( 5670- AlgorithmParameterSpec genParamSpec, 5671- SecureRandom random) 5672- throws InvalidAlgorithmParameterException 5673- { 5674- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); 5675- } 5676- 5677- protected AlgorithmParameters engineGenerateParameters() 5678- { 5679- byte[] iv = new byte[8]; 5680- 5681- if (random == null) 5682- { 5683- random = new SecureRandom(); 5684- } 5685- 5686- random.nextBytes(iv); 5687- 5688- AlgorithmParameters params; 5689- 5690- try 5691- { 5692- params = createParametersInstance("DES"); 5693- params.init(new IvParameterSpec(iv)); 5694- } 5695- catch (Exception e) 5696- { 5697- throw new RuntimeException(e.getMessage()); 5698- } 5699- 5700- return params; 5701- } 5702- } 5703+ // BEGIN android-removed 5704+ // public static class AlgParamGen 5705+ // extends BaseAlgorithmParameterGenerator 5706+ // { 5707+ // protected void engineInit( 5708+ // AlgorithmParameterSpec genParamSpec, 5709+ // SecureRandom random) 5710+ // throws InvalidAlgorithmParameterException 5711+ // { 5712+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); 5713+ // } 5714+ 5715+ // protected AlgorithmParameters engineGenerateParameters() 5716+ // { 5717+ // byte[] iv = new byte[8]; 5718+ 5719+ // if (random == null) 5720+ // { 5721+ // random = new SecureRandom(); 5722+ // } 5723+ 5724+ // random.nextBytes(iv); 5725+ 5726+ // AlgorithmParameters params; 5727+ 5728+ // try 5729+ // { 5730+ // params = createParametersInstance("DES"); 5731+ // params.init(new IvParameterSpec(iv)); 5732+ // } 5733+ // catch (Exception e) 5734+ // { 5735+ // throw new RuntimeException(e.getMessage()); 5736+ // } 5737+ 5738+ // return params; 5739+ // } 5740+ // } 5741+ // END android-removed 5742 5743 static public class KeyFactory 5744 extends BaseSecretKeyFactory 5745@@ -360,25 +380,37 @@ 5746 public void configure(ConfigurableProvider provider) 5747 { 5748 provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); 5749- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); 5750+ // BEGIN android-removed 5751+ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); 5752+ // END android-removed 5753 provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); 5754- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); 5755- provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); 5756+ // BEGIN android-changed 5757+ provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); 5758+ // END android-changed 5759+ // BEGIN android-removed 5760+ // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); 5761+ // END android-removed 5762 5763 provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); 5764 provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); 5765 provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); 5766 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); 5767- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); 5768+ // BEGIN android-removed 5769+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); 5770+ // END android-removed 5771 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); 5772 5773 if (provider.hasAlgorithm("MessageDigest", "SHA-1")) 5774 { 5775 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); 5776- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); 5777- provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); 5778+ // BEGIN android-removed 5779+ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); 5780+ // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); 5781+ // END android-removed 5782 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); 5783- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); 5784+ // BEGIN android-removed 5785+ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); 5786+ // END android-removed 5787 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); 5788 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 5789 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); 5790@@ -387,31 +419,37 @@ 5791 } 5792 5793 provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); 5794- provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); 5795- provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); 5796+ // BEGIN android-removed 5797+ // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); 5798+ // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); 5799+ // END android-removed 5800 5801 provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); 5802 5803- provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); 5804- provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); 5805- provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); 5806- 5807- provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); 5808- provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); 5809- 5810- provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); 5811- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); 5812- 5813- provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); 5814- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5815- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5816- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5817+ // BEGIN android-removed 5818+ // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); 5819+ // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); 5820+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); 5821+ // 5822+ // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); 5823+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); 5824+ // 5825+ // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); 5826+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); 5827+ // 5828+ // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); 5829+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5830+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5831+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); 5832+ // END android-removed 5833 5834 provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); 5835 provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); 5836 5837- provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); 5838- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); 5839+ // BEGIN android-removed 5840+ // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); 5841+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); 5842+ // END android-removed 5843 5844 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); 5845 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); 5846diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/RC2.java 5847--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2015-03-01 12:03:02.000000000 +0000 5848+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2015-04-09 13:10:16.000000000 +0000 5849@@ -12,20 +12,28 @@ 5850 5851 import org.bouncycastle.asn1.ASN1Primitive; 5852 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 5853-import org.bouncycastle.asn1.pkcs.RC2CBCParameter; 5854-import org.bouncycastle.crypto.CipherKeyGenerator; 5855+// BEGIN android-removed 5856+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; 5857+// import org.bouncycastle.crypto.CipherKeyGenerator; 5858+// END android-removed 5859 import org.bouncycastle.crypto.engines.RC2Engine; 5860-import org.bouncycastle.crypto.engines.RC2WrapEngine; 5861-import org.bouncycastle.crypto.macs.CBCBlockCipherMac; 5862-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5863+// BEGIN android-removed 5864+// import org.bouncycastle.crypto.engines.RC2WrapEngine; 5865+// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; 5866+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; 5867+// END android-removed 5868 import org.bouncycastle.crypto.modes.CBCBlockCipher; 5869 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 5870-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 5871-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; 5872+// BEGIN android-removed 5873+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; 5874+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; 5875+// END android-removed 5876 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; 5877-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 5878-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 5879-import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; 5880+// BEGIN android-removed 5881+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 5882+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 5883+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; 5884+// END android-removed 5885 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; 5886 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; 5887 import org.bouncycastle.util.Arrays; 5888@@ -36,59 +44,61 @@ 5889 { 5890 } 5891 5892- /** 5893- * RC2 5894- */ 5895- static public class ECB 5896- extends BaseBlockCipher 5897- { 5898- public ECB() 5899- { 5900- super(new RC2Engine()); 5901- } 5902- } 5903- 5904- /** 5905- * RC2CBC 5906- */ 5907- static public class CBC 5908- extends BaseBlockCipher 5909- { 5910- public CBC() 5911- { 5912- super(new CBCBlockCipher(new RC2Engine()), 64); 5913- } 5914- } 5915- 5916- public static class Wrap 5917- extends BaseWrapCipher 5918- { 5919- public Wrap() 5920- { 5921- super(new RC2WrapEngine()); 5922- } 5923- } 5924- 5925- /** 5926- * RC2 5927- */ 5928- public static class CBCMAC 5929- extends BaseMac 5930- { 5931- public CBCMAC() 5932- { 5933- super(new CBCBlockCipherMac(new RC2Engine())); 5934- } 5935- } 5936- 5937- public static class CFB8MAC 5938- extends BaseMac 5939- { 5940- public CFB8MAC() 5941- { 5942- super(new CFBBlockCipherMac(new RC2Engine())); 5943- } 5944- } 5945+ // BEGIN android-removed 5946+ // /** 5947+ // * RC2 5948+ // */ 5949+ // static public class ECB 5950+ // extends BaseBlockCipher 5951+ // { 5952+ // public ECB() 5953+ // { 5954+ // super(new RC2Engine()); 5955+ // } 5956+ // } 5957+ // 5958+ // /** 5959+ // * RC2CBC 5960+ // */ 5961+ // static public class CBC 5962+ // extends BaseBlockCipher 5963+ // { 5964+ // public CBC() 5965+ // { 5966+ // super(new CBCBlockCipher(new RC2Engine()), 64); 5967+ // } 5968+ // } 5969+ // 5970+ // public static class Wrap 5971+ // extends BaseWrapCipher 5972+ // { 5973+ // public Wrap() 5974+ // { 5975+ // super(new RC2WrapEngine()); 5976+ // } 5977+ // } 5978+ // 5979+ // /** 5980+ // * RC2 5981+ // */ 5982+ // public static class CBCMAC 5983+ // extends BaseMac 5984+ // { 5985+ // public CBCMAC() 5986+ // { 5987+ // super(new CBCBlockCipherMac(new RC2Engine())); 5988+ // } 5989+ // } 5990+ // 5991+ // public static class CFB8MAC 5992+ // extends BaseMac 5993+ // { 5994+ // public CFB8MAC() 5995+ // { 5996+ // super(new CFBBlockCipherMac(new RC2Engine())); 5997+ // } 5998+ // } 5999+ // END android-removed 6000 6001 /** 6002 * PBEWithSHA1AndRC2 6003@@ -174,17 +184,19 @@ 6004 } 6005 } 6006 6007- /** 6008- * PBEWithMD2AndRC2 6009- */ 6010- static public class PBEWithMD2KeyFactory 6011- extends PBESecretKeyFactory 6012- { 6013- public PBEWithMD2KeyFactory() 6014- { 6015- super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); 6016- } 6017- } 6018+ // BEGIN android-removed 6019+ // /** 6020+ // * PBEWithMD2AndRC2 6021+ // */ 6022+ // static public class PBEWithMD2KeyFactory 6023+ // extends PBESecretKeyFactory 6024+ // { 6025+ // public PBEWithMD2KeyFactory() 6026+ // { 6027+ // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); 6028+ // } 6029+ // } 6030+ // END android-removed 6031 6032 /** 6033 * PBEWithMD5AndRC2 6034@@ -198,247 +210,249 @@ 6035 } 6036 } 6037 6038- public static class AlgParamGen 6039- extends BaseAlgorithmParameterGenerator 6040- { 6041- RC2ParameterSpec spec = null; 6042- 6043- protected void engineInit( 6044- AlgorithmParameterSpec genParamSpec, 6045- SecureRandom random) 6046- throws InvalidAlgorithmParameterException 6047- { 6048- if (genParamSpec instanceof RC2ParameterSpec) 6049- { 6050- spec = (RC2ParameterSpec)genParamSpec; 6051- return; 6052- } 6053- 6054- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); 6055- } 6056- 6057- protected AlgorithmParameters engineGenerateParameters() 6058- { 6059- AlgorithmParameters params; 6060- 6061- if (spec == null) 6062- { 6063- byte[] iv = new byte[8]; 6064- 6065- if (random == null) 6066- { 6067- random = new SecureRandom(); 6068- } 6069- 6070- random.nextBytes(iv); 6071- 6072- try 6073- { 6074- params = createParametersInstance("RC2"); 6075- params.init(new IvParameterSpec(iv)); 6076- } 6077- catch (Exception e) 6078- { 6079- throw new RuntimeException(e.getMessage()); 6080- } 6081- } 6082- else 6083- { 6084- try 6085- { 6086- params = createParametersInstance("RC2"); 6087- params.init(spec); 6088- } 6089- catch (Exception e) 6090- { 6091- throw new RuntimeException(e.getMessage()); 6092- } 6093- } 6094- 6095- return params; 6096- } 6097- } 6098- 6099- public static class KeyGenerator 6100- extends BaseKeyGenerator 6101- { 6102- public KeyGenerator() 6103- { 6104- super("RC2", 128, new CipherKeyGenerator()); 6105- } 6106- } 6107- 6108- public static class AlgParams 6109- extends BaseAlgorithmParameters 6110- { 6111- private static final short[] table = { 6112- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 6113- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, 6114- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, 6115- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, 6116- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, 6117- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, 6118- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, 6119- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, 6120- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, 6121- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, 6122- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, 6123- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, 6124- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, 6125- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, 6126- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 6127- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab 6128- }; 6129- 6130- private static final short[] ekb = { 6131- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, 6132- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, 6133- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, 6134- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, 6135- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, 6136- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, 6137- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, 6138- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, 6139- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, 6140- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, 6141- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, 6142- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, 6143- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, 6144- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, 6145- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, 6146- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd 6147- }; 6148- 6149- private byte[] iv; 6150- private int parameterVersion = 58; 6151- 6152- protected byte[] engineGetEncoded() 6153- { 6154- return Arrays.clone(iv); 6155- } 6156- 6157- protected byte[] engineGetEncoded( 6158- String format) 6159- throws IOException 6160- { 6161- if (this.isASN1FormatString(format)) 6162- { 6163- if (parameterVersion == -1) 6164- { 6165- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); 6166- } 6167- else 6168- { 6169- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); 6170- } 6171- } 6172- 6173- if (format.equals("RAW")) 6174- { 6175- return engineGetEncoded(); 6176- } 6177- 6178- return null; 6179- } 6180- 6181- protected AlgorithmParameterSpec localEngineGetParameterSpec( 6182- Class paramSpec) 6183- throws InvalidParameterSpecException 6184- { 6185- if (paramSpec == RC2ParameterSpec.class) 6186- { 6187- if (parameterVersion != -1) 6188- { 6189- if (parameterVersion < 256) 6190- { 6191- return new RC2ParameterSpec(ekb[parameterVersion], iv); 6192- } 6193- else 6194- { 6195- return new RC2ParameterSpec(parameterVersion, iv); 6196- } 6197- } 6198- } 6199- 6200- if (paramSpec == IvParameterSpec.class) 6201- { 6202- return new IvParameterSpec(iv); 6203- } 6204- 6205- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); 6206- } 6207- 6208- protected void engineInit( 6209- AlgorithmParameterSpec paramSpec) 6210- throws InvalidParameterSpecException 6211- { 6212- if (paramSpec instanceof IvParameterSpec) 6213- { 6214- this.iv = ((IvParameterSpec)paramSpec).getIV(); 6215- } 6216- else if (paramSpec instanceof RC2ParameterSpec) 6217- { 6218- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); 6219- if (effKeyBits != -1) 6220- { 6221- if (effKeyBits < 256) 6222- { 6223- parameterVersion = table[effKeyBits]; 6224- } 6225- else 6226- { 6227- parameterVersion = effKeyBits; 6228- } 6229- } 6230- 6231- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); 6232- } 6233- else 6234- { 6235- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); 6236- } 6237- } 6238- 6239- protected void engineInit( 6240- byte[] params) 6241- throws IOException 6242- { 6243- this.iv = Arrays.clone(params); 6244- } 6245- 6246- protected void engineInit( 6247- byte[] params, 6248- String format) 6249- throws IOException 6250- { 6251- if (this.isASN1FormatString(format)) 6252- { 6253- RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); 6254- 6255- if (p.getRC2ParameterVersion() != null) 6256- { 6257- parameterVersion = p.getRC2ParameterVersion().intValue(); 6258- } 6259- 6260- iv = p.getIV(); 6261- 6262- return; 6263- } 6264- 6265- if (format.equals("RAW")) 6266- { 6267- engineInit(params); 6268- return; 6269- } 6270- 6271- throw new IOException("Unknown parameters format in IV parameters object"); 6272- } 6273- 6274- protected String engineToString() 6275- { 6276- return "RC2 Parameters"; 6277- } 6278- } 6279+ // BEGIN android-removed 6280+ // public static class AlgParamGen 6281+ // extends BaseAlgorithmParameterGenerator 6282+ // { 6283+ // RC2ParameterSpec spec = null; 6284+ // 6285+ // protected void engineInit( 6286+ // AlgorithmParameterSpec genParamSpec, 6287+ // SecureRandom random) 6288+ // throws InvalidAlgorithmParameterException 6289+ // { 6290+ // if (genParamSpec instanceof RC2ParameterSpec) 6291+ // { 6292+ // spec = (RC2ParameterSpec)genParamSpec; 6293+ // return; 6294+ // } 6295+ // 6296+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); 6297+ // } 6298+ // 6299+ // protected AlgorithmParameters engineGenerateParameters() 6300+ // { 6301+ // AlgorithmParameters params; 6302+ // 6303+ // if (spec == null) 6304+ // { 6305+ // byte[] iv = new byte[8]; 6306+ // 6307+ // if (random == null) 6308+ // { 6309+ // random = new SecureRandom(); 6310+ // } 6311+ // 6312+ // random.nextBytes(iv); 6313+ // 6314+ // try 6315+ // { 6316+ // params = createParametersInstance("RC2"); 6317+ // params.init(new IvParameterSpec(iv)); 6318+ // } 6319+ // catch (Exception e) 6320+ // { 6321+ // throw new RuntimeException(e.getMessage()); 6322+ // } 6323+ // } 6324+ // else 6325+ // { 6326+ // try 6327+ // { 6328+ // params = createParametersInstance("RC2"); 6329+ // params.init(spec); 6330+ // } 6331+ // catch (Exception e) 6332+ // { 6333+ // throw new RuntimeException(e.getMessage()); 6334+ // } 6335+ // } 6336+ // 6337+ // return params; 6338+ // } 6339+ // } 6340+ // 6341+ // public static class KeyGenerator 6342+ // extends BaseKeyGenerator 6343+ // { 6344+ // public KeyGenerator() 6345+ // { 6346+ // super("RC2", 128, new CipherKeyGenerator()); 6347+ // } 6348+ // } 6349+ // 6350+ // public static class AlgParams 6351+ // extends BaseAlgorithmParameters 6352+ // { 6353+ // private static final short[] table = { 6354+ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, 6355+ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, 6356+ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, 6357+ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, 6358+ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, 6359+ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, 6360+ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, 6361+ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, 6362+ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, 6363+ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, 6364+ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, 6365+ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, 6366+ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, 6367+ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, 6368+ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, 6369+ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab 6370+ // }; 6371+ // 6372+ // private static final short[] ekb = { 6373+ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, 6374+ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, 6375+ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, 6376+ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, 6377+ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, 6378+ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, 6379+ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, 6380+ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, 6381+ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, 6382+ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, 6383+ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, 6384+ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, 6385+ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, 6386+ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, 6387+ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, 6388+ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd 6389+ // }; 6390+ // 6391+ // private byte[] iv; 6392+ // private int parameterVersion = 58; 6393+ // 6394+ // protected byte[] engineGetEncoded() 6395+ // { 6396+ // return Arrays.clone(iv); 6397+ // } 6398+ // 6399+ // protected byte[] engineGetEncoded( 6400+ // String format) 6401+ // throws IOException 6402+ // { 6403+ // if (this.isASN1FormatString(format)) 6404+ // { 6405+ // if (parameterVersion == -1) 6406+ // { 6407+ // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); 6408+ // } 6409+ // else 6410+ // { 6411+ // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); 6412+ // } 6413+ // } 6414+ // 6415+ // if (format.equals("RAW")) 6416+ // { 6417+ // return engineGetEncoded(); 6418+ // } 6419+ // 6420+ // return null; 6421+ // } 6422+ // 6423+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( 6424+ // Class paramSpec) 6425+ // throws InvalidParameterSpecException 6426+ // { 6427+ // if (paramSpec == RC2ParameterSpec.class) 6428+ // { 6429+ // if (parameterVersion != -1) 6430+ // { 6431+ // if (parameterVersion < 256) 6432+ // { 6433+ // return new RC2ParameterSpec(ekb[parameterVersion], iv); 6434+ // } 6435+ // else 6436+ // { 6437+ // return new RC2ParameterSpec(parameterVersion, iv); 6438+ // } 6439+ // } 6440+ // } 6441+ // 6442+ // if (paramSpec == IvParameterSpec.class) 6443+ // { 6444+ // return new IvParameterSpec(iv); 6445+ // } 6446+ // 6447+ // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); 6448+ // } 6449+ // 6450+ // protected void engineInit( 6451+ // AlgorithmParameterSpec paramSpec) 6452+ // throws InvalidParameterSpecException 6453+ // { 6454+ // if (paramSpec instanceof IvParameterSpec) 6455+ // { 6456+ // this.iv = ((IvParameterSpec)paramSpec).getIV(); 6457+ // } 6458+ // else if (paramSpec instanceof RC2ParameterSpec) 6459+ // { 6460+ // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); 6461+ // if (effKeyBits != -1) 6462+ // { 6463+ // if (effKeyBits < 256) 6464+ // { 6465+ // parameterVersion = table[effKeyBits]; 6466+ // } 6467+ // else 6468+ // { 6469+ // parameterVersion = effKeyBits; 6470+ // } 6471+ // } 6472+ // 6473+ // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); 6474+ // } 6475+ // else 6476+ // { 6477+ // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); 6478+ // } 6479+ // } 6480+ // 6481+ // protected void engineInit( 6482+ // byte[] params) 6483+ // throws IOException 6484+ // { 6485+ // this.iv = Arrays.clone(params); 6486+ // } 6487+ // 6488+ // protected void engineInit( 6489+ // byte[] params, 6490+ // String format) 6491+ // throws IOException 6492+ // { 6493+ // if (this.isASN1FormatString(format)) 6494+ // { 6495+ // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); 6496+ // 6497+ // if (p.getRC2ParameterVersion() != null) 6498+ // { 6499+ // parameterVersion = p.getRC2ParameterVersion().intValue(); 6500+ // } 6501+ // 6502+ // iv = p.getIV(); 6503+ // 6504+ // return; 6505+ // } 6506+ // 6507+ // if (format.equals("RAW")) 6508+ // { 6509+ // engineInit(params); 6510+ // return; 6511+ // } 6512+ // 6513+ // throw new IOException("Unknown parameters format in IV parameters object"); 6514+ // } 6515+ // 6516+ // protected String engineToString() 6517+ // { 6518+ // return "RC2 Parameters"; 6519+ // } 6520+ // } 6521+ // END android-removed 6522 6523 public static class Mappings 6524 extends AlgorithmProvider 6525@@ -452,32 +466,36 @@ 6526 public void configure(ConfigurableProvider provider) 6527 { 6528 6529- provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); 6530- provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); 6531- 6532- provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); 6533- provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); 6534- 6535- provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); 6536- provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); 6537- 6538- provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); 6539- provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); 6540- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); 6541- provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); 6542- 6543- provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); 6544- provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); 6545- provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); 6546- provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); 6547- 6548- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); 6549+ // BEGIN android-removed 6550+ // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); 6551+ // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); 6552+ // 6553+ // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); 6554+ // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); 6555+ // 6556+ // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); 6557+ // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); 6558+ // 6559+ // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); 6560+ // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); 6561+ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); 6562+ // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); 6563+ // 6564+ // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); 6565+ // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); 6566+ // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); 6567+ // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); 6568+ // 6569+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); 6570+ // END android-removed 6571 6572 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); 6573 6574 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); 6575 6576- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); 6577+ // BEGIN android-removed 6578+ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); 6579+ // END android-removed 6580 6581 provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); 6582 6583@@ -485,14 +503,18 @@ 6584 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); 6585 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); 6586 6587- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); 6588+ // BEGIN android-removed 6589+ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); 6590+ // END android-removed 6591 provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); 6592 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); 6593 6594 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); 6595 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); 6596 6597- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); 6598+ // BEGIN android-removed 6599+ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); 6600+ // END android-removed 6601 6602 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); 6603 6604diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 6605--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2015-03-01 12:03:02.000000000 +0000 6606+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2013-12-12 00:35:05.000000000 +0000 6607@@ -6,29 +6,31 @@ 6608 abstract class SymmetricAlgorithmProvider 6609 extends AlgorithmProvider 6610 { 6611- protected void addGMacAlgorithm( 6612- ConfigurableProvider provider, 6613- String algorithm, 6614- String algorithmClassName, 6615- String keyGeneratorClassName) 6616- { 6617- provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); 6618- provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); 6619- 6620- provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); 6621- provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); 6622- } 6623- 6624- protected void addPoly1305Algorithm(ConfigurableProvider provider, 6625- String algorithm, 6626- String algorithmClassName, 6627- String keyGeneratorClassName) 6628- { 6629- provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName); 6630- provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm); 6631- 6632- provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName); 6633- provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm); 6634- } 6635+ // BEGIN android-removed 6636+ // protected void addGMacAlgorithm( 6637+ // ConfigurableProvider provider, 6638+ // String algorithm, 6639+ // String algorithmClassName, 6640+ // String keyGeneratorClassName) 6641+ // { 6642+ // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); 6643+ // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); 6644+ // 6645+ // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); 6646+ // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); 6647+ // } 6648+ // 6649+ // protected void addPoly1305Algorithm(ConfigurableProvider provider, 6650+ // String algorithm, 6651+ // String algorithmClassName, 6652+ // String keyGeneratorClassName) 6653+ // { 6654+ // provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName); 6655+ // provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm); 6656+ // 6657+ // provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName); 6658+ // provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm); 6659+ // } 6660+ // END android-removed 6661 6662 } 6663diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 6664--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2015-03-01 12:03:02.000000000 +0000 6665+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2013-12-12 00:35:05.000000000 +0000 6666@@ -1,18 +1,26 @@ 6667 package org.bouncycastle.jcajce.provider.symmetric; 6668 6669-import org.bouncycastle.crypto.BlockCipher; 6670-import org.bouncycastle.crypto.CipherKeyGenerator; 6671+// BEGIN android-removed 6672+// import org.bouncycastle.crypto.BlockCipher; 6673+// import org.bouncycastle.crypto.CipherKeyGenerator; 6674+// END android-removed 6675 import org.bouncycastle.crypto.engines.TwofishEngine; 6676-import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; 6677-import org.bouncycastle.crypto.macs.GMac; 6678+// BEGIN android-removed 6679+// import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; 6680+// import org.bouncycastle.crypto.macs.GMac; 6681+// END android-removed 6682 import org.bouncycastle.crypto.modes.CBCBlockCipher; 6683-import org.bouncycastle.crypto.modes.GCMBlockCipher; 6684+// BEGIN android-removed 6685+// import org.bouncycastle.crypto.modes.GCMBlockCipher; 6686+// END android-removed 6687 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 6688 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; 6689-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 6690-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 6691-import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; 6692-import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; 6693+// BEGIN android-removed 6694+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; 6695+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; 6696+// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; 6697+// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; 6698+// END android-removed 6699 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; 6700 6701 public final class Twofish 6702@@ -21,56 +29,58 @@ 6703 { 6704 } 6705 6706- public static class ECB 6707- extends BaseBlockCipher 6708- { 6709- public ECB() 6710- { 6711- super(new BlockCipherProvider() 6712- { 6713- public BlockCipher get() 6714- { 6715- return new TwofishEngine(); 6716- } 6717- }); 6718- } 6719- } 6720- 6721- public static class KeyGen 6722- extends BaseKeyGenerator 6723- { 6724- public KeyGen() 6725- { 6726- super("Twofish", 256, new CipherKeyGenerator()); 6727- } 6728- } 6729- 6730- public static class GMAC 6731- extends BaseMac 6732- { 6733- public GMAC() 6734- { 6735- super(new GMac(new GCMBlockCipher(new TwofishEngine()))); 6736- } 6737- } 6738- 6739- public static class Poly1305 6740- extends BaseMac 6741- { 6742- public Poly1305() 6743- { 6744- super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine())); 6745- } 6746- } 6747- 6748- public static class Poly1305KeyGen 6749- extends BaseKeyGenerator 6750- { 6751- public Poly1305KeyGen() 6752- { 6753- super("Poly1305-Twofish", 256, new Poly1305KeyGenerator()); 6754- } 6755- } 6756+ // BEGIN android-removed 6757+ // public static class ECB 6758+ // extends BaseBlockCipher 6759+ // { 6760+ // public ECB() 6761+ // { 6762+ // super(new BlockCipherProvider() 6763+ // { 6764+ // public BlockCipher get() 6765+ // { 6766+ // return new TwofishEngine(); 6767+ // } 6768+ // }); 6769+ // } 6770+ // } 6771+ // 6772+ // public static class KeyGen 6773+ // extends BaseKeyGenerator 6774+ // { 6775+ // public KeyGen() 6776+ // { 6777+ // super("Twofish", 256, new CipherKeyGenerator()); 6778+ // } 6779+ // } 6780+ // 6781+ // public static class GMAC 6782+ // extends BaseMac 6783+ // { 6784+ // public GMAC() 6785+ // { 6786+ // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); 6787+ // } 6788+ // } 6789+ // 6790+ // public static class Poly1305 6791+ // extends BaseMac 6792+ // { 6793+ // public Poly1305() 6794+ // { 6795+ // super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine())); 6796+ // } 6797+ // } 6798+ // 6799+ // public static class Poly1305KeyGen 6800+ // extends BaseKeyGenerator 6801+ // { 6802+ // public Poly1305KeyGen() 6803+ // { 6804+ // super("Poly1305-Twofish", 256, new Poly1305KeyGenerator()); 6805+ // } 6806+ // } 6807+ // END android-removed 6808 6809 /** 6810 * PBEWithSHAAndTwofish-CBC 6811@@ -96,14 +106,16 @@ 6812 } 6813 } 6814 6815- public static class AlgParams 6816- extends IvAlgorithmParameters 6817- { 6818- protected String engineToString() 6819- { 6820- return "Twofish IV"; 6821- } 6822- } 6823+ // BEGIN android-removed 6824+ // public static class AlgParams 6825+ // extends IvAlgorithmParameters 6826+ // { 6827+ // protected String engineToString() 6828+ // { 6829+ // return "Twofish IV"; 6830+ // } 6831+ // } 6832+ // END android-removed 6833 6834 public static class Mappings 6835 extends SymmetricAlgorithmProvider 6836@@ -116,17 +128,21 @@ 6837 6838 public void configure(ConfigurableProvider provider) 6839 { 6840- provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); 6841- provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); 6842- provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); 6843+ // BEGIN android-removed 6844+ // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); 6845+ // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); 6846+ // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); 6847+ // END android-removed 6848 6849 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); 6850 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); 6851 provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); 6852 provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); 6853 6854- addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); 6855- addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); 6856+ // BEGIN android-removed 6857+ // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); 6858+ // addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); 6859+ // END android-removed 6860 } 6861 } 6862 } 6863diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 6864--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2015-03-01 12:03:02.000000000 +0000 6865+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2015-04-09 13:10:16.000000000 +0000 6866@@ -20,8 +20,10 @@ 6867 import javax.crypto.ShortBufferException; 6868 import javax.crypto.spec.IvParameterSpec; 6869 import javax.crypto.spec.PBEParameterSpec; 6870-import javax.crypto.spec.RC2ParameterSpec; 6871-import javax.crypto.spec.RC5ParameterSpec; 6872+// BEGIN android-removed 6873+// import javax.crypto.spec.RC2ParameterSpec; 6874+// import javax.crypto.spec.RC5ParameterSpec; 6875+// END android-removed 6876 6877 import org.bouncycastle.asn1.cms.GCMParameters; 6878 import org.bouncycastle.crypto.BlockCipher; 6879@@ -35,14 +37,20 @@ 6880 import org.bouncycastle.crypto.modes.CCMBlockCipher; 6881 import org.bouncycastle.crypto.modes.CFBBlockCipher; 6882 import org.bouncycastle.crypto.modes.CTSBlockCipher; 6883-import org.bouncycastle.crypto.modes.EAXBlockCipher; 6884-import org.bouncycastle.crypto.modes.GCFBBlockCipher; 6885+// BEGIN android-removed 6886+// import org.bouncycastle.crypto.modes.EAXBlockCipher; 6887+// import org.bouncycastle.crypto.modes.GCFBBlockCipher; 6888+// END android-removed 6889 import org.bouncycastle.crypto.modes.GCMBlockCipher; 6890-import org.bouncycastle.crypto.modes.GOFBBlockCipher; 6891-import org.bouncycastle.crypto.modes.OCBBlockCipher; 6892+// BEGIN android-removed 6893+// import org.bouncycastle.crypto.modes.GOFBBlockCipher; 6894+// import org.bouncycastle.crypto.modes.OCBBlockCipher; 6895+// END android-removed 6896 import org.bouncycastle.crypto.modes.OFBBlockCipher; 6897-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; 6898-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; 6899+// BEGIN android-removed 6900+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; 6901+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; 6902+// END android-removed 6903 import org.bouncycastle.crypto.modes.SICBlockCipher; 6904 import org.bouncycastle.crypto.paddings.BlockCipherPadding; 6905 import org.bouncycastle.crypto.paddings.ISO10126d2Padding; 6906@@ -55,11 +63,15 @@ 6907 import org.bouncycastle.crypto.params.KeyParameter; 6908 import org.bouncycastle.crypto.params.ParametersWithIV; 6909 import org.bouncycastle.crypto.params.ParametersWithRandom; 6910-import org.bouncycastle.crypto.params.ParametersWithSBox; 6911+// BEGIN android-removed 6912+// import org.bouncycastle.crypto.params.ParametersWithSBox; 6913+// END android-removed 6914 import org.bouncycastle.crypto.params.RC2Parameters; 6915-import org.bouncycastle.crypto.params.RC5Parameters; 6916-import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; 6917-import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec; 6918+// BEGIN android-removed 6919+// import org.bouncycastle.crypto.params.RC5Parameters; 6920+// import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; 6921+// import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec; 6922+// END android-removed 6923 import org.bouncycastle.jce.provider.BouncyCastleProvider; 6924 import org.bouncycastle.util.Strings; 6925 6926@@ -74,11 +86,15 @@ 6927 // 6928 private Class[] availableSpecs = 6929 { 6930- RC2ParameterSpec.class, 6931- RC5ParameterSpec.class, 6932+ // BEGIN android-removed 6933+ // RC2ParameterSpec.class, 6934+ // RC5ParameterSpec.class, 6935+ // END android-removed 6936 IvParameterSpec.class, 6937 PBEParameterSpec.class, 6938- GOST28147ParameterSpec.class, 6939+ // BEGIN android-removed 6940+ // GOST28147ParameterSpec.class, 6941+ // END android-removed 6942 gcmSpecClass 6943 }; 6944 6945@@ -284,48 +300,52 @@ 6946 new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); 6947 } 6948 } 6949- else if (modeName.startsWith("PGP")) 6950- { 6951- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); 6952- 6953- ivLength = baseEngine.getBlockSize(); 6954- cipher = new BufferedGenericBlockCipher( 6955- new PGPCFBBlockCipher(baseEngine, inlineIV)); 6956- } 6957- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) 6958- { 6959- ivLength = 0; 6960- cipher = new BufferedGenericBlockCipher( 6961- new OpenPGPCFBBlockCipher(baseEngine)); 6962- } 6963- else if (modeName.startsWith("SIC")) 6964- { 6965- ivLength = baseEngine.getBlockSize(); 6966- if (ivLength < 16) 6967- { 6968- throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); 6969- } 6970- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 6971- new SICBlockCipher(baseEngine))); 6972- } 6973+ // BEGIN android-removed 6974+ // else if (modeName.startsWith("PGP")) 6975+ // { 6976+ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); 6977+ // 6978+ // ivLength = baseEngine.getBlockSize(); 6979+ // cipher = new BufferedGenericBlockCipher( 6980+ // new PGPCFBBlockCipher(baseEngine, inlineIV)); 6981+ // } 6982+ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) 6983+ // { 6984+ // ivLength = 0; 6985+ // cipher = new BufferedGenericBlockCipher( 6986+ // new OpenPGPCFBBlockCipher(baseEngine)); 6987+ // } 6988+ // else if (modeName.startsWith("SIC")) 6989+ // { 6990+ // ivLength = baseEngine.getBlockSize(); 6991+ // if (ivLength < 16) 6992+ // { 6993+ // throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); 6994+ // } 6995+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 6996+ // new SICBlockCipher(baseEngine))); 6997+ // } 6998+ // END android-removed 6999 else if (modeName.startsWith("CTR")) 7000 { 7001 ivLength = baseEngine.getBlockSize(); 7002 cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 7003 new SICBlockCipher(baseEngine))); 7004 } 7005- else if (modeName.startsWith("GOFB")) 7006- { 7007- ivLength = baseEngine.getBlockSize(); 7008- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 7009- new GOFBBlockCipher(baseEngine))); 7010- } 7011- else if (modeName.startsWith("GCFB")) 7012- { 7013- ivLength = baseEngine.getBlockSize(); 7014- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 7015- new GCFBBlockCipher(baseEngine))); 7016- } 7017+ // BEGIN android-removed 7018+ // else if (modeName.startsWith("GOFB")) 7019+ // { 7020+ // ivLength = baseEngine.getBlockSize(); 7021+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 7022+ // new GOFBBlockCipher(baseEngine))); 7023+ // } 7024+ // else if (modeName.startsWith("GCFB")) 7025+ // { 7026+ // ivLength = baseEngine.getBlockSize(); 7027+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( 7028+ // new GCFBBlockCipher(baseEngine))); 7029+ // } 7030+ // END android-removed 7031 else if (modeName.startsWith("CTS")) 7032 { 7033 ivLength = baseEngine.getBlockSize(); 7034@@ -336,26 +356,28 @@ 7035 ivLength = 13; // CCM nonce 7..13 bytes 7036 cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); 7037 } 7038- else if (modeName.startsWith("OCB")) 7039- { 7040- if (engineProvider != null) 7041- { 7042- /* 7043- * RFC 7253 4.2. Nonce is a string of no more than 120 bits 7044- */ 7045- ivLength = 15; 7046- cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); 7047- } 7048- else 7049- { 7050- throw new NoSuchAlgorithmException("can't support mode " + mode); 7051- } 7052- } 7053- else if (modeName.startsWith("EAX")) 7054- { 7055- ivLength = baseEngine.getBlockSize(); 7056- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); 7057- } 7058+ // BEGIN android-removed 7059+ // else if (modeName.startsWith("OCB")) 7060+ // { 7061+ // if (engineProvider != null) 7062+ // { 7063+ // /* 7064+ // * RFC 7253 4.2. Nonce is a string of no more than 120 bits 7065+ // */ 7066+ // ivLength = 15; 7067+ // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); 7068+ // } 7069+ // else 7070+ // { 7071+ // throw new NoSuchAlgorithmException("can't support mode " + mode); 7072+ // } 7073+ // } 7074+ // else if (modeName.startsWith("EAX")) 7075+ // { 7076+ // ivLength = baseEngine.getBlockSize(); 7077+ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); 7078+ // } 7079+ // END android-removed 7080 else if (modeName.startsWith("GCM")) 7081 { 7082 ivLength = baseEngine.getBlockSize(); 7083@@ -478,18 +500,20 @@ 7084 7085 param = new ParametersWithIV(param, iv.getIV()); 7086 } 7087- else if (params instanceof GOST28147ParameterSpec) 7088- { 7089- // need to pick up IV and SBox. 7090- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; 7091- 7092- param = new ParametersWithSBox(param, gost28147Param.getSbox()); 7093- 7094- if (gost28147Param.getIV() != null && ivLength != 0) 7095- { 7096- param = new ParametersWithIV(param, gost28147Param.getIV()); 7097- } 7098- } 7099+ // BEGIN android-removed 7100+ // else if (params instanceof GOST28147ParameterSpec) 7101+ // { 7102+ // // need to pick up IV and SBox. 7103+ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; 7104+ // 7105+ // param = new ParametersWithSBox(param, gost28147Param.getSbox()); 7106+ // 7107+ // if (gost28147Param.getIV() != null && ivLength != 0) 7108+ // { 7109+ // param = new ParametersWithIV(param, gost28147Param.getIV()); 7110+ // } 7111+ // } 7112+ // END android-removed 7113 } 7114 else if (params instanceof PBEParameterSpec) 7115 { 7116@@ -521,12 +545,14 @@ 7117 throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); 7118 } 7119 7120- if (key instanceof RepeatedSecretKeySpec) 7121- { 7122- param = new ParametersWithIV(null, p.getIV()); 7123- ivParam = (ParametersWithIV)param; 7124- } 7125- else 7126+ // BEGIN android-removed 7127+ // if (key instanceof RepeatedSecretKeySpec) 7128+ // { 7129+ // param = new ParametersWithIV(null, p.getIV()); 7130+ // ivParam = (ParametersWithIV)param; 7131+ // } 7132+ // else 7133+ // END android-removed 7134 { 7135 param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); 7136 ivParam = (ParametersWithIV)param; 7137@@ -542,63 +568,65 @@ 7138 param = new KeyParameter(key.getEncoded()); 7139 } 7140 } 7141- else if (params instanceof GOST28147ParameterSpec) 7142- { 7143- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; 7144- 7145- param = new ParametersWithSBox( 7146- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); 7147- 7148- if (gost28147Param.getIV() != null && ivLength != 0) 7149- { 7150- param = new ParametersWithIV(param, gost28147Param.getIV()); 7151- ivParam = (ParametersWithIV)param; 7152- } 7153- } 7154- else if (params instanceof RC2ParameterSpec) 7155- { 7156- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; 7157- 7158- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); 7159- 7160- if (rc2Param.getIV() != null && ivLength != 0) 7161- { 7162- param = new ParametersWithIV(param, rc2Param.getIV()); 7163- ivParam = (ParametersWithIV)param; 7164- } 7165- } 7166- else if (params instanceof RC5ParameterSpec) 7167- { 7168- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; 7169- 7170- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); 7171- if (baseEngine.getAlgorithmName().startsWith("RC5")) 7172- { 7173- if (baseEngine.getAlgorithmName().equals("RC5-32")) 7174- { 7175- if (rc5Param.getWordSize() != 32) 7176- { 7177- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); 7178- } 7179- } 7180- else if (baseEngine.getAlgorithmName().equals("RC5-64")) 7181- { 7182- if (rc5Param.getWordSize() != 64) 7183- { 7184- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); 7185- } 7186- } 7187- } 7188- else 7189- { 7190- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); 7191- } 7192- if ((rc5Param.getIV() != null) && (ivLength != 0)) 7193- { 7194- param = new ParametersWithIV(param, rc5Param.getIV()); 7195- ivParam = (ParametersWithIV)param; 7196- } 7197- } 7198+ // BEGIN android-removed 7199+ // else if (params instanceof GOST28147ParameterSpec) 7200+ // { 7201+ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; 7202+ // 7203+ // param = new ParametersWithSBox( 7204+ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); 7205+ // 7206+ // if (gost28147Param.getIV() != null && ivLength != 0) 7207+ // { 7208+ // param = new ParametersWithIV(param, gost28147Param.getIV()); 7209+ // ivParam = (ParametersWithIV)param; 7210+ // } 7211+ // } 7212+ // else if (params instanceof RC2ParameterSpec) 7213+ // { 7214+ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; 7215+ // 7216+ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); 7217+ // 7218+ // if (rc2Param.getIV() != null && ivLength != 0) 7219+ // { 7220+ // param = new ParametersWithIV(param, rc2Param.getIV()); 7221+ // ivParam = (ParametersWithIV)param; 7222+ // } 7223+ // } 7224+ // else if (params instanceof RC5ParameterSpec) 7225+ // { 7226+ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; 7227+ // 7228+ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); 7229+ // if (baseEngine.getAlgorithmName().startsWith("RC5")) 7230+ // { 7231+ // if (baseEngine.getAlgorithmName().equals("RC5-32")) 7232+ // { 7233+ // if (rc5Param.getWordSize() != 32) 7234+ // { 7235+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); 7236+ // } 7237+ // } 7238+ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) 7239+ // { 7240+ // if (rc5Param.getWordSize() != 64) 7241+ // { 7242+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); 7243+ // } 7244+ // } 7245+ // } 7246+ // else 7247+ // { 7248+ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); 7249+ // } 7250+ // if ((rc5Param.getIV() != null) && (ivLength != 0)) 7251+ // { 7252+ // param = new ParametersWithIV(param, rc5Param.getIV()); 7253+ // ivParam = (ParametersWithIV)param; 7254+ // } 7255+ // } 7256+ // END android-removed 7257 else if (gcmSpecClass != null && gcmSpecClass.isInstance(params)) 7258 { 7259 if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher)) 7260@@ -611,11 +639,13 @@ 7261 Method tLen = gcmSpecClass.getDeclaredMethod("getTLen", new Class[0]); 7262 Method iv= gcmSpecClass.getDeclaredMethod("getIV", new Class[0]); 7263 7264- if (key instanceof RepeatedSecretKeySpec) 7265- { 7266- param = aeadParams = new AEADParameters(null, ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0])); 7267- } 7268- else 7269+ // BEGIN android-removed 7270+ // if (key instanceof RepeatedSecretKeySpec) 7271+ // { 7272+ // param = aeadParams = new AEADParameters(null, ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0])); 7273+ // } 7274+ // else 7275+ // END android-removed 7276 { 7277 param = aeadParams = new AEADParameters(new KeyParameter(key.getEncoded()), ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0])); 7278 } 7279@@ -867,7 +897,9 @@ 7280 private boolean isAEADModeName( 7281 String modeName) 7282 { 7283- return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName); 7284+ // BEGIN android-changed 7285+ return "CCM".equals(modeName) || "GCM".equals(modeName); 7286+ // END android-changed 7287 } 7288 7289 /* 7290diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 7291--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2015-03-01 12:03:02.000000000 +0000 7292+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2013-12-12 00:35:05.000000000 +0000 7293@@ -16,8 +16,10 @@ 7294 import org.bouncycastle.crypto.Mac; 7295 import org.bouncycastle.crypto.params.KeyParameter; 7296 import org.bouncycastle.crypto.params.ParametersWithIV; 7297-import org.bouncycastle.crypto.params.SkeinParameters; 7298-import org.bouncycastle.jcajce.spec.SkeinParameterSpec; 7299+// BEGIN android-removed 7300+// import org.bouncycastle.crypto.params.SkeinParameters; 7301+// import org.bouncycastle.jcajce.spec.SkeinParameterSpec; 7302+// END android-removed 7303 7304 public class BaseMac 7305 extends MacSpi implements PBE 7306@@ -79,10 +81,12 @@ 7307 { 7308 param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); 7309 } 7310- else if (params instanceof SkeinParameterSpec) 7311- { 7312- param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(key.getEncoded()).build(); 7313- } 7314+ // BEGIN android-removed 7315+ // else if (params instanceof SkeinParameterSpec) 7316+ // { 7317+ // param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(key.getEncoded()).build(); 7318+ // } 7319+ // END android-removed 7320 else if (params == null) 7321 { 7322 param = new KeyParameter(key.getEncoded()); 7323diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 7324--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2015-03-01 12:03:02.000000000 +0000 7325+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2015-04-09 13:10:16.000000000 +0000 7326@@ -15,8 +15,10 @@ 7327 import javax.crypto.ShortBufferException; 7328 import javax.crypto.spec.IvParameterSpec; 7329 import javax.crypto.spec.PBEParameterSpec; 7330-import javax.crypto.spec.RC2ParameterSpec; 7331-import javax.crypto.spec.RC5ParameterSpec; 7332+// BEGIN android-removed 7333+// import javax.crypto.spec.RC2ParameterSpec; 7334+// import javax.crypto.spec.RC5ParameterSpec; 7335+// END android-removed 7336 7337 import org.bouncycastle.crypto.CipherParameters; 7338 import org.bouncycastle.crypto.DataLengthException; 7339@@ -34,8 +36,10 @@ 7340 // 7341 private Class[] availableSpecs = 7342 { 7343- RC2ParameterSpec.class, 7344- RC5ParameterSpec.class, 7345+ // BEGIN android-removed 7346+ // RC2ParameterSpec.class, 7347+ // RC5ParameterSpec.class, 7348+ // END android-removed 7349 IvParameterSpec.class, 7350 PBEParameterSpec.class 7351 }; 7352diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 7353--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2015-03-01 12:03:02.000000000 +0000 7354+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2015-04-09 13:10:16.000000000 +0000 7355@@ -24,8 +24,10 @@ 7356 import javax.crypto.ShortBufferException; 7357 import javax.crypto.spec.IvParameterSpec; 7358 import javax.crypto.spec.PBEParameterSpec; 7359-import javax.crypto.spec.RC2ParameterSpec; 7360-import javax.crypto.spec.RC5ParameterSpec; 7361+// BEGIN android-removed 7362+// import javax.crypto.spec.RC2ParameterSpec; 7363+// import javax.crypto.spec.RC5ParameterSpec; 7364+// END android-removed 7365 import javax.crypto.spec.SecretKeySpec; 7366 7367 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 7368@@ -50,8 +52,10 @@ 7369 { 7370 IvParameterSpec.class, 7371 PBEParameterSpec.class, 7372- RC2ParameterSpec.class, 7373- RC5ParameterSpec.class 7374+ // BEGIN android-removed 7375+ // RC2ParameterSpec.class, 7376+ // RC5ParameterSpec.class 7377+ // END android-removed 7378 }; 7379 7380 protected int pbeType = PKCS12; 7381@@ -276,6 +280,8 @@ 7382 return null; 7383 } 7384 7385+ // BEGIN android-changed 7386+ // added ShortBufferException to throws statement 7387 protected int engineDoFinal( 7388 byte[] input, 7389 int inputOffset, 7390@@ -286,6 +292,7 @@ 7391 { 7392 return 0; 7393 } 7394+ // END android-changed 7395 7396 protected byte[] engineWrap( 7397 Key key) 7398diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 7399--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2015-03-01 12:03:02.000000000 +0000 7400+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-12-12 00:35:05.000000000 +0000 7401@@ -7,13 +7,18 @@ 7402 7403 import org.bouncycastle.crypto.CipherParameters; 7404 import org.bouncycastle.crypto.PBEParametersGenerator; 7405-import org.bouncycastle.crypto.digests.GOST3411Digest; 7406-import org.bouncycastle.crypto.digests.MD2Digest; 7407-import org.bouncycastle.crypto.digests.MD5Digest; 7408-import org.bouncycastle.crypto.digests.RIPEMD160Digest; 7409-import org.bouncycastle.crypto.digests.SHA1Digest; 7410-import org.bouncycastle.crypto.digests.SHA256Digest; 7411-import org.bouncycastle.crypto.digests.TigerDigest; 7412+// BEGIN android-removed 7413+// import org.bouncycastle.crypto.digests.GOST3411Digest; 7414+// import org.bouncycastle.crypto.digests.MD2Digest; 7415+// import org.bouncycastle.crypto.digests.MD5Digest; 7416+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; 7417+// import org.bouncycastle.crypto.digests.SHA1Digest; 7418+// import org.bouncycastle.crypto.digests.SHA256Digest; 7419+// import org.bouncycastle.crypto.digests.TigerDigest; 7420+// END android-removed 7421+// BEGIN android-added 7422+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 7423+// END android-added 7424 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; 7425 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; 7426 import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; 7427@@ -29,11 +34,15 @@ 7428 // 7429 static final int MD5 = 0; 7430 static final int SHA1 = 1; 7431- static final int RIPEMD160 = 2; 7432- static final int TIGER = 3; 7433+ // BEGIN android-removed 7434+ // static final int RIPEMD160 = 2; 7435+ // static final int TIGER = 3; 7436+ // END android-removed 7437 static final int SHA256 = 4; 7438- static final int MD2 = 5; 7439- static final int GOST3411 = 6; 7440+ // BEGIN android-removed 7441+ // static final int MD2 = 5; 7442+ // static final int GOST3411 = 6; 7443+ // END android-removed 7444 7445 static final int PKCS5S1 = 0; 7446 static final int PKCS5S2 = 1; 7447@@ -57,14 +66,20 @@ 7448 { 7449 switch (hash) 7450 { 7451- case MD2: 7452- generator = new PKCS5S1ParametersGenerator(new MD2Digest()); 7453- break; 7454+ // BEGIN android-removed 7455+ // case MD2: 7456+ // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); 7457+ // break; 7458+ // END android-removed 7459 case MD5: 7460- generator = new PKCS5S1ParametersGenerator(new MD5Digest()); 7461+ // BEGIN android-changed 7462+ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5()); 7463+ // END android-changed 7464 break; 7465 case SHA1: 7466- generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); 7467+ // BEGIN android-changed 7468+ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1()); 7469+ // END android-changed 7470 break; 7471 default: 7472 throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); 7473@@ -74,27 +89,39 @@ 7474 { 7475 switch (hash) 7476 { 7477- case MD2: 7478- generator = new PKCS5S2ParametersGenerator(new MD2Digest()); 7479- break; 7480+ // BEGIN android-removed 7481+ // case MD2: 7482+ // generator = new PKCS5S2ParametersGenerator(new MD2Digest()); 7483+ // break; 7484+ // END android-removed 7485 case MD5: 7486- generator = new PKCS5S2ParametersGenerator(new MD5Digest()); 7487+ // BEGIN android-changed 7488+ generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getMD5()); 7489+ // END android-changed 7490 break; 7491 case SHA1: 7492- generator = new PKCS5S2ParametersGenerator(new SHA1Digest()); 7493- break; 7494- case RIPEMD160: 7495- generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest()); 7496- break; 7497- case TIGER: 7498- generator = new PKCS5S2ParametersGenerator(new TigerDigest()); 7499- break; 7500+ // BEGIN android-changed 7501+ generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA1()); 7502+ // END android-changed 7503+ break; 7504+ // BEGIN android-removed 7505+ // case RIPEMD160: 7506+ // generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest()); 7507+ // break; 7508+ // case TIGER: 7509+ // generator = new PKCS5S2ParametersGenerator(new TigerDigest()); 7510+ // break; 7511+ // END android-removed 7512 case SHA256: 7513- generator = new PKCS5S2ParametersGenerator(new SHA256Digest()); 7514- break; 7515- case GOST3411: 7516- generator = new PKCS5S2ParametersGenerator(new GOST3411Digest()); 7517- break; 7518+ // BEGIN android-changed 7519+ generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA256()); 7520+ // END android-changed 7521+ break; 7522+ // BEGIN android-removed 7523+ // case GOST3411: 7524+ // generator = new PKCS5S2ParametersGenerator(new GOST3411Digest()); 7525+ // break; 7526+ // END android-removed 7527 default: 7528 throw new IllegalStateException("unknown digest scheme for PBE PKCS5S2 encryption."); 7529 } 7530@@ -103,27 +130,39 @@ 7531 { 7532 switch (hash) 7533 { 7534- case MD2: 7535- generator = new PKCS12ParametersGenerator(new MD2Digest()); 7536- break; 7537+ // BEGIN android-removed 7538+ // case MD2: 7539+ // generator = new PKCS12ParametersGenerator(new MD2Digest()); 7540+ // break; 7541+ // END android-removed 7542 case MD5: 7543- generator = new PKCS12ParametersGenerator(new MD5Digest()); 7544+ // BEGIN android-changed 7545+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5()); 7546+ // END android-changed 7547 break; 7548 case SHA1: 7549- generator = new PKCS12ParametersGenerator(new SHA1Digest()); 7550- break; 7551- case RIPEMD160: 7552- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); 7553- break; 7554- case TIGER: 7555- generator = new PKCS12ParametersGenerator(new TigerDigest()); 7556- break; 7557+ // BEGIN android-changed 7558+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); 7559+ // END android-changed 7560+ break; 7561+ // BEGIN android-removed 7562+ // case RIPEMD160: 7563+ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); 7564+ // break; 7565+ // case TIGER: 7566+ // generator = new PKCS12ParametersGenerator(new TigerDigest()); 7567+ // break; 7568+ // END android-removed 7569 case SHA256: 7570- generator = new PKCS12ParametersGenerator(new SHA256Digest()); 7571- break; 7572- case GOST3411: 7573- generator = new PKCS12ParametersGenerator(new GOST3411Digest()); 7574- break; 7575+ // BEGIN android-changed 7576+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); 7577+ // END android-changed 7578+ break; 7579+ // BEGIN android-removed 7580+ // case GOST3411: 7581+ // generator = new PKCS12ParametersGenerator(new GOST3411Digest()); 7582+ // break; 7583+ // END android-removed 7584 default: 7585 throw new IllegalStateException("unknown digest scheme for PBE encryption."); 7586 } 7587diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/util/DigestFactory.java 7588--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2015-03-01 12:03:02.000000000 +0000 7589+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-09-26 18:06:21.000000000 +0000 7590@@ -10,12 +10,17 @@ 7591 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 7592 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 7593 import org.bouncycastle.crypto.Digest; 7594-import org.bouncycastle.crypto.digests.MD5Digest; 7595-import org.bouncycastle.crypto.digests.SHA1Digest; 7596-import org.bouncycastle.crypto.digests.SHA224Digest; 7597-import org.bouncycastle.crypto.digests.SHA256Digest; 7598-import org.bouncycastle.crypto.digests.SHA384Digest; 7599-import org.bouncycastle.crypto.digests.SHA512Digest; 7600+// BEGIN android-removed 7601+// import org.bouncycastle.crypto.digests.MD5Digest; 7602+// import org.bouncycastle.crypto.digests.SHA1Digest; 7603+// import org.bouncycastle.crypto.digests.SHA224Digest; 7604+// import org.bouncycastle.crypto.digests.SHA256Digest; 7605+// import org.bouncycastle.crypto.digests.SHA384Digest; 7606+// import org.bouncycastle.crypto.digests.SHA512Digest; 7607+// END android-removed 7608+// BEGIN android-added 7609+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 7610+// END android-added 7611 import org.bouncycastle.util.Strings; 7612 7613 public class DigestFactory 7614@@ -85,27 +90,39 @@ 7615 7616 if (sha1.contains(digestName)) 7617 { 7618- return new SHA1Digest(); 7619+ // BEGIN android-changed 7620+ return AndroidDigestFactory.getSHA1(); 7621+ // END android-changed 7622 } 7623 if (md5.contains(digestName)) 7624 { 7625- return new MD5Digest(); 7626+ // BEGIN android-changed 7627+ return AndroidDigestFactory.getMD5(); 7628+ // END android-changed 7629 } 7630 if (sha224.contains(digestName)) 7631 { 7632- return new SHA224Digest(); 7633+ // BEGIN android-changed 7634+ return AndroidDigestFactory.getSHA224(); 7635+ // END android-changed 7636 } 7637 if (sha256.contains(digestName)) 7638 { 7639- return new SHA256Digest(); 7640+ // BEGIN android-changed 7641+ return AndroidDigestFactory.getSHA256(); 7642+ // END android-changed 7643 } 7644 if (sha384.contains(digestName)) 7645 { 7646- return new SHA384Digest(); 7647+ // BEGIN android-changed 7648+ return AndroidDigestFactory.getSHA384(); 7649+ // END android-changed 7650 } 7651 if (sha512.contains(digestName)) 7652 { 7653- return new SHA512Digest(); 7654+ // BEGIN android-changed 7655+ return AndroidDigestFactory.getSHA512(); 7656+ // END android-changed 7657 } 7658 7659 return null; 7660diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/util/JcaJceUtils.java bcprov-jdk15on-152/org/bouncycastle/jcajce/util/JcaJceUtils.java 7661--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/util/JcaJceUtils.java 2015-03-01 12:03:02.000000000 +0000 7662+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/util/JcaJceUtils.java 2014-07-28 19:51:54.000000000 +0000 7663@@ -6,11 +6,15 @@ 7664 import org.bouncycastle.asn1.ASN1Encodable; 7665 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 7666 import org.bouncycastle.asn1.ASN1Primitive; 7667-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 7668+// BEGIN android-removed 7669+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 7670+// END android-removed 7671 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 7672 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 7673 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 7674-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 7675+// BEGIN android-removed 7676+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 7677+// END android-removed 7678 7679 /** 7680 * General JCA/JCE utility methods. 7681@@ -100,22 +104,24 @@ 7682 { 7683 return "SHA512"; 7684 } 7685- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 7686- { 7687- return "RIPEMD128"; 7688- } 7689- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 7690- { 7691- return "RIPEMD160"; 7692- } 7693- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 7694- { 7695- return "RIPEMD256"; 7696- } 7697- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 7698- { 7699- return "GOST3411"; 7700- } 7701+ // BEGIN android-removed 7702+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 7703+ // { 7704+ // return "RIPEMD128"; 7705+ // } 7706+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 7707+ // { 7708+ // return "RIPEMD160"; 7709+ // } 7710+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 7711+ // { 7712+ // return "RIPEMD256"; 7713+ // } 7714+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 7715+ // { 7716+ // return "GOST3411"; 7717+ // } 7718+ // END android-removed 7719 else 7720 { 7721 return digestAlgOID.getId(); 7722diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-152/org/bouncycastle/jce/PKCS10CertificationRequest.java 7723--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2015-03-01 12:03:02.000000000 +0000 7724+++ bcprov-jdk15on-152/org/bouncycastle/jce/PKCS10CertificationRequest.java 2014-07-28 19:51:54.000000000 +0000 7725@@ -30,14 +30,18 @@ 7726 import org.bouncycastle.asn1.ASN1Set; 7727 import org.bouncycastle.asn1.DERBitString; 7728 import org.bouncycastle.asn1.DERNull; 7729-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 7730+// BEGIN android-removed 7731+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 7732+// END android-removed 7733 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 7734 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 7735 import org.bouncycastle.asn1.pkcs.CertificationRequest; 7736 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; 7737 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 7738 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 7739-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 7740+// BEGIN android-removed 7741+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 7742+// END android-removed 7743 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 7744 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 7745 import org.bouncycastle.asn1.x509.X509Name; 7746@@ -81,8 +85,11 @@ 7747 7748 static 7749 { 7750- algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); 7751- algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); 7752+ // BEGIN android-removed 7753+ // Dropping MD2 7754+ // algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); 7755+ // algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); 7756+ // END android-removed 7757 algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); 7758 algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); 7759 algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); 7760@@ -102,12 +109,14 @@ 7761 algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 7762 algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 7763 algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")); 7764- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 7765- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 7766- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 7767- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 7768- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 7769- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 7770+ // BEGIN android-removed 7771+ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 7772+ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 7773+ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 7774+ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 7775+ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 7776+ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 7777+ // END android-removed 7778 algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); 7779 algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); 7780 algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); 7781@@ -120,11 +129,13 @@ 7782 algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); 7783 algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); 7784 algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); 7785- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7786- algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7787- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7788- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7789- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7790+ // BEGIN android-removed 7791+ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7792+ // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7793+ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7794+ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7795+ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7796+ // END android-removed 7797 7798 // 7799 // reverse mappings 7800@@ -134,11 +145,15 @@ 7801 oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); 7802 oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); 7803 oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); 7804- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); 7805- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); 7806+ // BEGIN android-removed 7807+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); 7808+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); 7809+ // END android-removed 7810 7811 oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); 7812- oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); 7813+ // BEGIN android-removed 7814+ // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); 7815+ // END android-removed 7816 oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); 7817 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); 7818 oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); 7819@@ -172,8 +187,10 @@ 7820 // 7821 // RFC 4491 7822 // 7823- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7824- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7825+ // BEGIN android-removed 7826+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 7827+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 7828+ // END android-removed 7829 // 7830 // explicit params 7831 // 7832@@ -616,22 +633,24 @@ 7833 { 7834 return "SHA512"; 7835 } 7836- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 7837- { 7838- return "RIPEMD128"; 7839- } 7840- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 7841- { 7842- return "RIPEMD160"; 7843- } 7844- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 7845- { 7846- return "RIPEMD256"; 7847- } 7848- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 7849- { 7850- return "GOST3411"; 7851- } 7852+ // BEGIN android-removed 7853+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 7854+ // { 7855+ // return "RIPEMD128"; 7856+ // } 7857+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 7858+ // { 7859+ // return "RIPEMD160"; 7860+ // } 7861+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 7862+ // { 7863+ // return "RIPEMD256"; 7864+ // } 7865+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 7866+ // { 7867+ // return "GOST3411"; 7868+ // } 7869+ // END android-removed 7870 else 7871 { 7872 return digestAlgOID.getId(); 7873diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/BouncyCastleProvider.java 7874--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2015-03-01 12:03:02.000000000 +0000 7875+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2015-04-09 13:10:16.000000000 +0000 7876@@ -64,15 +64,22 @@ 7877 7878 private static final String[] SYMMETRIC_MACS = 7879 { 7880- "SipHash" 7881+ // BEGIN android-removed 7882+ // "SipHash" 7883+ // END android-removed 7884 }; 7885 7886 private static final String[] SYMMETRIC_CIPHERS = 7887 { 7888- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", 7889- "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", 7890- "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish", 7891- "VMPC", "VMPCKSA3", "XTEA", "XSalsa20" 7892+ // BEGIN android-removed 7893+ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", 7894+ // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", 7895+ // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish", 7896+ // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20" 7897+ // END android-removed 7898+ // BEGIN android-added 7899+ "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish", 7900+ // END android-added 7901 }; 7902 7903 /* 7904@@ -84,12 +91,22 @@ 7905 // later ones configure it. 7906 private static final String[] ASYMMETRIC_GENERIC = 7907 { 7908- "X509", "IES" 7909+ // BEGIN android-removed 7910+ // "X509", "IES" 7911+ // END android-removed 7912+ // BEGIN android-added 7913+ "X509" 7914+ // END android-added 7915 }; 7916 7917 private static final String[] ASYMMETRIC_CIPHERS = 7918 { 7919- "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" 7920+ // BEGIN android-removed 7921+ // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" 7922+ // END android-removed 7923+ // BEGIN android-added 7924+ "DSA", "DH", "EC", "RSA", 7925+ // END android-added 7926 }; 7927 7928 /* 7929@@ -98,7 +115,12 @@ 7930 private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; 7931 private static final String[] DIGESTS = 7932 { 7933- "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool" 7934+ // BEGIN android-removed 7935+ // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool" 7936+ // END android-removed 7937+ // BEGIN android-added 7938+ "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", 7939+ // END android-added 7940 }; 7941 7942 /* 7943@@ -145,48 +167,52 @@ 7944 7945 loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); 7946 7947- // 7948- // X509Store 7949- // 7950- put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); 7951- put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); 7952- put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); 7953- put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); 7954- 7955- put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); 7956- put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); 7957- put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); 7958- put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); 7959- 7960- // 7961- // X509StreamParser 7962- // 7963- put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); 7964- put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); 7965- put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); 7966- put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); 7967- 7968- // 7969- // cipher engines 7970- // 7971- put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); 7972- 7973- put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); 7974- 7975- 7976- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); 7977- 7978- // Certification Path API 7979- put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); 7980- put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); 7981- put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); 7982- put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); 7983+ // BEGIN android-removed 7984+ // // 7985+ // // X509Store 7986+ // // 7987+ // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); 7988+ // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); 7989+ // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); 7990+ // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); 7991+ // 7992+ // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); 7993+ // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); 7994+ // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); 7995+ // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); 7996+ // 7997+ // // 7998+ // // X509StreamParser 7999+ // // 8000+ // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); 8001+ // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); 8002+ // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); 8003+ // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); 8004+ // 8005+ // // 8006+ // // cipher engines 8007+ // // 8008+ // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); 8009+ // 8010+ // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); 8011+ // 8012+ // 8013+ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); 8014+ // 8015+ // // Certification Path API 8016+ // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); 8017+ // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); 8018+ // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); 8019+ // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); 8020+ // END android-removed 8021 put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); 8022 put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); 8023 put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); 8024- put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); 8025- put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); 8026- put("Alg.Alias.CertStore.X509LDAP", "LDAP"); 8027+ // BEGIN android-removed 8028+ // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); 8029+ // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); 8030+ // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); 8031+ // END android-removed 8032 } 8033 8034 private void loadAlgorithms(String packageName, String[] names) 8035diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertBlacklist.java 8036--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 8037+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertBlacklist.java 2015-06-10 22:51:41.000000000 +0000 8038@@ -0,0 +1,233 @@ 8039+/* 8040+ * Copyright (C) 2012 The Android Open Source Project 8041+ * 8042+ * Licensed under the Apache License, Version 2.0 (the "License"); 8043+ * you may not use this file except in compliance with the License. 8044+ * You may obtain a copy of the License at 8045+ * 8046+ * http://www.apache.org/licenses/LICENSE-2.0 8047+ * 8048+ * Unless required by applicable law or agreed to in writing, software 8049+ * distributed under the License is distributed on an "AS IS" BASIS, 8050+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 8051+ * See the License for the specific language governing permissions and 8052+ * limitations under the License. 8053+ */ 8054+ 8055+package org.bouncycastle.jce.provider; 8056+ 8057+import java.io.Closeable; 8058+import java.io.ByteArrayOutputStream; 8059+import java.io.FileNotFoundException; 8060+import java.io.IOException; 8061+import java.io.RandomAccessFile; 8062+import java.math.BigInteger; 8063+import java.security.PublicKey; 8064+import java.util.Arrays; 8065+import java.util.Collections; 8066+import java.util.HashSet; 8067+import java.util.Set; 8068+import java.util.logging.Level; 8069+import java.util.logging.Logger; 8070+import org.bouncycastle.crypto.Digest; 8071+import org.bouncycastle.crypto.digests.AndroidDigestFactory; 8072+import org.bouncycastle.util.encoders.Hex; 8073+ 8074+public class CertBlacklist { 8075+ private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); 8076+ 8077+ // public for testing 8078+ public final Set<BigInteger> serialBlacklist; 8079+ public final Set<byte[]> pubkeyBlacklist; 8080+ 8081+ public CertBlacklist() { 8082+ String androidData = System.getenv("ANDROID_DATA"); 8083+ String blacklistRoot = androidData + "/misc/keychain/"; 8084+ String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt"; 8085+ String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt"; 8086+ 8087+ pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath); 8088+ serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath); 8089+ } 8090+ 8091+ /** Test only interface, not for public use */ 8092+ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { 8093+ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); 8094+ serialBlacklist = readSerialBlackList(serialBlacklistPath); 8095+ } 8096+ 8097+ private static boolean isHex(String value) { 8098+ try { 8099+ new BigInteger(value, 16); 8100+ return true; 8101+ } catch (NumberFormatException e) { 8102+ logger.log(Level.WARNING, "Could not parse hex value " + value, e); 8103+ return false; 8104+ } 8105+ } 8106+ 8107+ private static boolean isPubkeyHash(String value) { 8108+ if (value.length() != 40) { 8109+ logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length()); 8110+ return false; 8111+ } 8112+ return isHex(value); 8113+ } 8114+ 8115+ private static String readBlacklist(String path) { 8116+ try { 8117+ return readFileAsString(path); 8118+ } catch (FileNotFoundException ignored) { 8119+ } catch (IOException e) { 8120+ logger.log(Level.WARNING, "Could not read blacklist", e); 8121+ } 8122+ return ""; 8123+ } 8124+ 8125+ // From IoUtils.readFileAsString 8126+ private static String readFileAsString(String path) throws IOException { 8127+ return readFileAsBytes(path).toString("UTF-8"); 8128+ } 8129+ 8130+ // Based on IoUtils.readFileAsBytes 8131+ private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException { 8132+ RandomAccessFile f = null; 8133+ try { 8134+ f = new RandomAccessFile(path, "r"); 8135+ ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length()); 8136+ byte[] buffer = new byte[8192]; 8137+ while (true) { 8138+ int byteCount = f.read(buffer); 8139+ if (byteCount == -1) { 8140+ return bytes; 8141+ } 8142+ bytes.write(buffer, 0, byteCount); 8143+ } 8144+ } finally { 8145+ closeQuietly(f); 8146+ } 8147+ } 8148+ 8149+ // Base on IoUtils.closeQuietly 8150+ private static void closeQuietly(Closeable closeable) { 8151+ if (closeable != null) { 8152+ try { 8153+ closeable.close(); 8154+ } catch (RuntimeException rethrown) { 8155+ throw rethrown; 8156+ } catch (Exception ignored) { 8157+ } 8158+ } 8159+ } 8160+ 8161+ private static final Set<BigInteger> readSerialBlackList(String path) { 8162+ 8163+ /* Start out with a base set of known bad values. 8164+ * 8165+ * WARNING: Do not add short serials to this list! 8166+ * 8167+ * Since this currently doesn't compare the serial + issuer, you 8168+ * should only add serials that have enough entropy here. Short 8169+ * serials may inadvertently match a certificate that was issued 8170+ * not in compliance with the Baseline Requirements. 8171+ */ 8172+ Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList( 8173+ // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup 8174+ // Not a real certificate. For testing only. 8175+ new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16), 8176+ new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16), 8177+ new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16), 8178+ new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16), 8179+ new BigInteger("9239d5348f40d1695a745470e1f23f43", 16), 8180+ new BigInteger("e9028b9578e415dc1a710a2b88154447", 16), 8181+ new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16), 8182+ new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16), 8183+ new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16), 8184+ new BigInteger("3e75ced46b693021218830ae86a82a71", 16) 8185+ )); 8186+ 8187+ // attempt to augment it with values taken from gservices 8188+ String serialBlacklist = readBlacklist(path); 8189+ if (!serialBlacklist.equals("")) { 8190+ for(String value : serialBlacklist.split(",")) { 8191+ try { 8192+ bl.add(new BigInteger(value, 16)); 8193+ } catch (NumberFormatException e) { 8194+ logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e); 8195+ } 8196+ } 8197+ } 8198+ 8199+ // whether that succeeds or fails, send it on its merry way 8200+ return Collections.unmodifiableSet(bl); 8201+ } 8202+ 8203+ private static final Set<byte[]> readPublicKeyBlackList(String path) { 8204+ 8205+ // start out with a base set of known bad values 8206+ Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList( 8207+ // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750 8208+ // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl 8209+ "410f36363258f30b347d12ce4863e433437806a8".getBytes(), 8210+ // Subject: CN=DigiNotar Cyber CA 8211+ // Issuer: CN=GTE CyberTrust Global Root 8212+ "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(), 8213+ // Subject: CN=DigiNotar Services 1024 CA 8214+ // Issuer: CN=Entrust.net 8215+ "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(), 8216+ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 8217+ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 8218+ "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(), 8219+ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven 8220+ // Issuer: CN=Staat der Nederlanden Overheid CA 8221+ "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(), 8222+ // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479 8223+ // Subject: O=Digicert Sdn. Bhd. 8224+ // Issuer: CN=GTE CyberTrust Global Root 8225+ "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(), 8226+ // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org 8227+ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri 8228+ "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(), 8229+ // Subject: CN=*.EGO.GOV.TR 93 8230+ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri 8231+ "783333c9687df63377efceddd82efa9101913e8e".getBytes(), 8232+ // Subject: Subject: C=FR, O=DG Tr\xC3\xA9sor, CN=AC DG Tr\xC3\xA9sor SSL 8233+ // Issuer: C=FR, O=DGTPE, CN=AC DGTPE Signature Authentification 8234+ "3ecf4bbbe46096d514bb539bb913d77aa4ef31bf".getBytes() 8235+ )); 8236+ 8237+ // attempt to augment it with values taken from gservices 8238+ String pubkeyBlacklist = readBlacklist(path); 8239+ if (!pubkeyBlacklist.equals("")) { 8240+ for (String value : pubkeyBlacklist.split(",")) { 8241+ value = value.trim(); 8242+ if (isPubkeyHash(value)) { 8243+ bl.add(value.getBytes()); 8244+ } else { 8245+ logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value); 8246+ } 8247+ } 8248+ } 8249+ 8250+ return bl; 8251+ } 8252+ 8253+ public boolean isPublicKeyBlackListed(PublicKey publicKey) { 8254+ byte[] encoded = publicKey.getEncoded(); 8255+ Digest digest = AndroidDigestFactory.getSHA1(); 8256+ digest.update(encoded, 0, encoded.length); 8257+ byte[] out = new byte[digest.getDigestSize()]; 8258+ digest.doFinal(out, 0); 8259+ for (byte[] blacklisted : pubkeyBlacklist) { 8260+ if (Arrays.equals(blacklisted, Hex.encode(out))) { 8261+ return true; 8262+ } 8263+ } 8264+ return false; 8265+ } 8266+ 8267+ public boolean isSerialNumberBlackListed(BigInteger serial) { 8268+ return serialBlacklist.contains(serial); 8269+ } 8270+ 8271+} 8272diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 8273--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2015-03-01 12:03:02.000000000 +0000 8274+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2015-04-09 13:10:16.000000000 +0000 8275@@ -35,6 +35,7 @@ 8276 import java.util.List; 8277 import java.util.Map; 8278 import java.util.Set; 8279+import javax.security.auth.x500.X500Principal; 8280 8281 import org.bouncycastle.asn1.ASN1Encodable; 8282 import org.bouncycastle.asn1.ASN1Enumerated; 8283@@ -73,7 +74,9 @@ 8284 import org.bouncycastle.util.Store; 8285 import org.bouncycastle.util.StoreException; 8286 import org.bouncycastle.x509.X509AttributeCertificate; 8287-import org.bouncycastle.x509.extension.X509ExtensionUtil; 8288+// BEGIN android-removed 8289+// import org.bouncycastle.x509.extension.X509ExtensionUtil; 8290+// END android-removed 8291 8292 class CertPathValidatorUtilities 8293 { 8294@@ -653,20 +656,22 @@ 8295 { 8296 Object obj = iter.next(); 8297 8298- if (obj instanceof Store) 8299- { 8300- Store certStore = (Store)obj; 8301- try 8302- { 8303- certs.addAll(certStore.getMatches(certSelect)); 8304- } 8305- catch (StoreException e) 8306- { 8307- throw new AnnotatedException( 8308- "Problem while picking certificates from X.509 store.", e); 8309- } 8310- } 8311- else 8312+ // BEGIN android-removed 8313+ // if (obj instanceof X509Store) 8314+ // { 8315+ // X509Store certStore = (X509Store)obj; 8316+ // try 8317+ // { 8318+ // certs.addAll(certStore.getMatches(certSelect)); 8319+ // } 8320+ // catch (StoreException e) 8321+ // { 8322+ // throw new AnnotatedException( 8323+ // "Problem while picking certificates from X.509 store.", e); 8324+ // } 8325+ // } 8326+ // else 8327+ // END android-removed 8328 { 8329 CertStore certStore = (CertStore)obj; 8330 8331@@ -715,7 +720,14 @@ 8332 8333 for (int j = 0; j < genNames.length; j++) 8334 { 8335- PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]); 8336+ // BEGIN android-removed 8337+ // PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]); 8338+ // END android-removed 8339+ // BEGIN android-added 8340+ // Seems like a bug, unless there should be a guarantee that j < i, 8341+ // However, it's breaking the tests. 8342+ PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]); 8343+ // END android-added 8344 if (store != null) 8345 { 8346 stores.add(store); 8347@@ -888,8 +900,20 @@ 8348 { 8349 return; 8350 } 8351- 8352- X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded()); 8353+ // BEGIN android-removed 8354+ // X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded()); 8355+ // END android-removed 8356+ // BEGIN android-added 8357+ // The original code throws null pointer exception for OpenSSLX509CRL, 8358+ // which uses the implementation for getCertificateIssuer() in X509CRL, method 8359+ // whose reference implementation has the following JavaDoc: "If the certificate 8360+ // issuer is also the CRL issuer, this method returns null." 8361+ X500Name certIssuer = null; 8362+ X500Principal certificateIssuerPrincipal = crl_entry.getCertificateIssuer(); 8363+ if (certificateIssuerPrincipal != null) { 8364+ certIssuer = X500Name.getInstance(certificateIssuerPrincipal.getEncoded()); 8365+ } 8366+ // END android-added 8367 8368 if (certIssuer == null) 8369 { 8370diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPrivateKey.java 8371--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2015-03-01 12:03:02.000000000 +0000 8372+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2014-07-28 19:51:54.000000000 +0000 8373@@ -19,8 +19,10 @@ 8374 import org.bouncycastle.asn1.ASN1Sequence; 8375 import org.bouncycastle.asn1.DERBitString; 8376 import org.bouncycastle.asn1.DERNull; 8377-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8378-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 8379+// BEGIN android-removed 8380+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8381+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 8382+// END android-removed 8383 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 8384 import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; 8385 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 8386@@ -202,21 +204,23 @@ 8387 ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); 8388 X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); 8389 8390- if (ecP == null) // GOST Curve 8391- { 8392- ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); 8393- EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); 8394- 8395- ecSpec = new ECNamedCurveSpec( 8396- ECGOST3410NamedCurves.getName(oid), 8397- ellipticCurve, 8398- new ECPoint( 8399- gParam.getG().getAffineXCoord().toBigInteger(), 8400- gParam.getG().getAffineYCoord().toBigInteger()), 8401- gParam.getN(), 8402- gParam.getH()); 8403- } 8404- else 8405+ // BEGIN android-removed 8406+ // if (ecP == null) // GOST Curve 8407+ // { 8408+ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); 8409+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); 8410+ // 8411+ // ecSpec = new ECNamedCurveSpec( 8412+ // ECGOST3410NamedCurves.getName(oid), 8413+ // ellipticCurve, 8414+ // new ECPoint( 8415+ // gParam.getG().getAffineXCoord().toBigInteger(), 8416+ // gParam.getG().getAffineYCoord().toBigInteger()), 8417+ // gParam.getN(), 8418+ // gParam.getH()); 8419+ // } 8420+ // else 8421+ // END android-removed 8422 { 8423 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); 8424 8425@@ -330,11 +334,13 @@ 8426 8427 try 8428 { 8429- if (algorithm.equals("ECGOST3410")) 8430- { 8431- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); 8432- } 8433- else 8434+ // BEGIN android-removed 8435+ // if (algorithm.equals("ECGOST3410")) 8436+ // { 8437+ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); 8438+ // } 8439+ // else 8440+ // END android-removed 8441 { 8442 8443 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); 8444diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPublicKey.java 8445--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2015-03-01 12:03:02.000000000 +0000 8446+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPublicKey.java 2014-07-28 19:51:54.000000000 +0000 8447@@ -18,9 +18,11 @@ 8448 import org.bouncycastle.asn1.DERBitString; 8449 import org.bouncycastle.asn1.DERNull; 8450 import org.bouncycastle.asn1.DEROctetString; 8451-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8452-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 8453-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; 8454+// BEGIN android-removed 8455+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8456+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; 8457+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; 8458+// END android-removed 8459 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 8460 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 8461 import org.bouncycastle.asn1.x9.X962Parameters; 8462@@ -33,9 +35,13 @@ 8463 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; 8464 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; 8465 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; 8466-import org.bouncycastle.jce.ECGOST3410NamedCurveTable; 8467+// BEGIN android-removed 8468+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable; 8469+// END android-removed 8470 import org.bouncycastle.jce.interfaces.ECPointEncoder; 8471-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; 8472+// BEGIN android-removed 8473+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; 8474+// END android-removed 8475 import org.bouncycastle.jce.spec.ECNamedCurveSpec; 8476 import org.bouncycastle.math.ec.ECCurve; 8477 import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; 8478@@ -48,7 +54,9 @@ 8479 private org.bouncycastle.math.ec.ECPoint q; 8480 private ECParameterSpec ecSpec; 8481 private boolean withCompression; 8482- private GOST3410PublicKeyAlgParameters gostParams; 8483+ // BEGIN android-removed 8484+ // private GOST3410PublicKeyAlgParameters gostParams; 8485+ // END android-removed 8486 8487 public JCEECPublicKey( 8488 String algorithm, 8489@@ -58,7 +66,9 @@ 8490 this.q = key.q; 8491 this.ecSpec = key.ecSpec; 8492 this.withCompression = key.withCompression; 8493- this.gostParams = key.gostParams; 8494+ // BEGIN android-removed 8495+ // this.gostParams = key.gostParams; 8496+ // END android-removed 8497 } 8498 8499 public JCEECPublicKey( 8500@@ -181,54 +191,55 @@ 8501 8502 private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) 8503 { 8504- if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) 8505- { 8506- DERBitString bits = info.getPublicKeyData(); 8507- ASN1OctetString key; 8508- this.algorithm = "ECGOST3410"; 8509- 8510- try 8511- { 8512- key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); 8513- } 8514- catch (IOException ex) 8515- { 8516- throw new IllegalArgumentException("error recovering public key"); 8517- } 8518- 8519- byte[] keyEnc = key.getOctets(); 8520- byte[] x = new byte[32]; 8521- byte[] y = new byte[32]; 8522- 8523- for (int i = 0; i != x.length; i++) 8524- { 8525- x[i] = keyEnc[32 - 1 - i]; 8526- } 8527- 8528- for (int i = 0; i != y.length; i++) 8529- { 8530- y[i] = keyEnc[64 - 1 - i]; 8531- } 8532- 8533- gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); 8534- 8535- ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); 8536- 8537- ECCurve curve = spec.getCurve(); 8538- EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); 8539- 8540- this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); 8541- 8542- ecSpec = new ECNamedCurveSpec( 8543- ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), 8544- ellipticCurve, 8545- new ECPoint( 8546- spec.getG().getAffineXCoord().toBigInteger(), 8547- spec.getG().getAffineYCoord().toBigInteger()), 8548- spec.getN(), spec.getH()); 8549- 8550- } 8551- else 8552+ // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) 8553+ // { 8554+ // DERBitString bits = info.getPublicKeyData(); 8555+ // ASN1OctetString key; 8556+ // this.algorithm = "ECGOST3410"; 8557+ // 8558+ // try 8559+ // { 8560+ // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); 8561+ // } 8562+ // catch (IOException ex) 8563+ // { 8564+ // throw new IllegalArgumentException("error recovering public key"); 8565+ // } 8566+ // 8567+ // byte[] keyEnc = key.getOctets(); 8568+ // byte[] x = new byte[32]; 8569+ // byte[] y = new byte[32]; 8570+ // 8571+ // for (int i = 0; i != x.length; i++) 8572+ // { 8573+ // x[i] = keyEnc[32 - 1 - i]; 8574+ // } 8575+ // 8576+ // for (int i = 0; i != y.length; i++) 8577+ // { 8578+ // y[i] = keyEnc[64 - 1 - i]; 8579+ // } 8580+ // 8581+ // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); 8582+ // 8583+ // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); 8584+ // 8585+ // ECCurve curve = spec.getCurve(); 8586+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); 8587+ // 8588+ // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); 8589+ // 8590+ // ecSpec = new ECNamedCurveSpec( 8591+ // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), 8592+ // ellipticCurve, 8593+ // new ECPoint( 8594+ // spec.getG().getAffineXCoord().toBigInteger(), 8595+ // spec.getG().getAffineYCoord().toBigInteger()), 8596+ // spec.getN(), spec.getH()); 8597+ // 8598+ // } 8599+ // else 8600+ // END android-removed 8601 { 8602 X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); 8603 ECCurve curve; 8604@@ -317,52 +328,54 @@ 8605 ASN1Encodable params; 8606 SubjectPublicKeyInfo info; 8607 8608- if (algorithm.equals("ECGOST3410")) 8609- { 8610- if (gostParams != null) 8611- { 8612- params = gostParams; 8613- } 8614- else 8615- { 8616- if (ecSpec instanceof ECNamedCurveSpec) 8617- { 8618- params = new GOST3410PublicKeyAlgParameters( 8619- ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), 8620- CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); 8621- } 8622- else 8623- { // strictly speaking this may not be applicable... 8624- ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); 8625- 8626- X9ECParameters ecP = new X9ECParameters( 8627- curve, 8628- EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), 8629- ecSpec.getOrder(), 8630- BigInteger.valueOf(ecSpec.getCofactor()), 8631- ecSpec.getCurve().getSeed()); 8632- 8633- params = new X962Parameters(ecP); 8634- } 8635- } 8636- 8637- BigInteger bX = this.q.getAffineXCoord().toBigInteger(); 8638- BigInteger bY = this.q.getAffineYCoord().toBigInteger(); 8639- byte[] encKey = new byte[64]; 8640- 8641- extractBytes(encKey, 0, bX); 8642- extractBytes(encKey, 32, bY); 8643- 8644- try 8645- { 8646- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); 8647- } 8648- catch (IOException e) 8649- { 8650- return null; 8651- } 8652- } 8653- else 8654+ // BEGIN android-removed 8655+ // if (algorithm.equals("ECGOST3410")) 8656+ // { 8657+ // if (gostParams != null) 8658+ // { 8659+ // params = gostParams; 8660+ // } 8661+ // else 8662+ // { 8663+ // if (ecSpec instanceof ECNamedCurveSpec) 8664+ // { 8665+ // params = new GOST3410PublicKeyAlgParameters( 8666+ // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), 8667+ // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); 8668+ // } 8669+ // else 8670+ // { // strictly speaking this may not be applicable... 8671+ // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); 8672+ // 8673+ // X9ECParameters ecP = new X9ECParameters( 8674+ // curve, 8675+ // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), 8676+ // ecSpec.getOrder(), 8677+ // BigInteger.valueOf(ecSpec.getCofactor()), 8678+ // ecSpec.getCurve().getSeed()); 8679+ // 8680+ // params = new X962Parameters(ecP); 8681+ // } 8682+ // } 8683+ // 8684+ // BigInteger bX = this.q.getAffineXCoord().toBigInteger(); 8685+ // BigInteger bY = this.q.getAffineYCoord().toBigInteger(); 8686+ // byte[] encKey = new byte[64]; 8687+ // 8688+ // extractBytes(encKey, 0, bX); 8689+ // extractBytes(encKey, 32, bY); 8690+ // 8691+ // try 8692+ // { 8693+ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); 8694+ // } 8695+ // catch (IOException e) 8696+ // { 8697+ // return null; 8698+ // } 8699+ // } 8700+ // else 8701+ // END android-removed 8702 { 8703 if (ecSpec instanceof ECNamedCurveSpec) 8704 { 8705diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCRLUtil.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCRLUtil.java 8706--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCRLUtil.java 2015-03-01 12:03:02.000000000 +0000 8707+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCRLUtil.java 2015-04-09 13:10:16.000000000 +0000 8708@@ -88,22 +88,24 @@ 8709 { 8710 Object obj = iter.next(); 8711 8712- if (obj instanceof Store) 8713- { 8714- Store store = (Store)obj; 8715+ // BEGIN android-removed 8716+ // if (obj instanceof Store) 8717+ // { 8718+ // Store store = (Store)obj; 8719 8720- try 8721- { 8722- crls.addAll(store.getMatches(crlSelect)); 8723- foundValidStore = true; 8724- } 8725- catch (StoreException e) 8726- { 8727- lastException = new AnnotatedException( 8728- "Exception searching in X.509 CRL store.", e); 8729- } 8730- } 8731- else 8732+ // try 8733+ // { 8734+ // crls.addAll(store.getMatches(crlSelect)); 8735+ // foundValidStore = true; 8736+ // } 8737+ // catch (StoreException e) 8738+ // { 8739+ // lastException = new AnnotatedException( 8740+ // "Exception searching in X.509 CRL store.", e); 8741+ // } 8742+ // } 8743+ // else 8744+ // END android-removed 8745 { 8746 CertStore store = (CertStore)obj; 8747 8748diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 8749--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2015-03-01 12:03:02.000000000 +0000 8750+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2015-04-24 13:59:41.000000000 +0000 8751@@ -1,5 +1,8 @@ 8752 package org.bouncycastle.jce.provider; 8753 8754+// BEGIN android-added 8755+import java.math.BigInteger; 8756+// END android-added 8757 import java.security.InvalidAlgorithmParameterException; 8758 import java.security.PublicKey; 8759 import java.security.cert.CertPath; 8760@@ -41,6 +44,11 @@ 8761 public PKIXCertPathValidatorSpi() 8762 { 8763 } 8764+ // BEGIN android-added 8765+ private static class NoPreloadHolder { 8766+ private final static CertBlacklist blacklist = new CertBlacklist(); 8767+ } 8768+ // END android-added 8769 8770 public CertPathValidatorResult engineValidate( 8771 CertPath certPath, 8772@@ -73,10 +81,18 @@ 8773 { 8774 paramsPKIX = ((PKIXExtendedBuilderParameters)params).getBaseParameters(); 8775 } 8776- else 8777+ // BEGIN android-changed 8778+ // else 8779+ else if (params instanceof PKIXExtendedParameters) 8780+ // END android-changed 8781 { 8782 paramsPKIX = (PKIXExtendedParameters)params; 8783 } 8784+ // BEGIN android-added 8785+ else { 8786+ throw new InvalidAlgorithmParameterException("Expecting PKIX algorithm parameters"); 8787+ } 8788+ // END android-added 8789 8790 if (paramsPKIX.getTrustAnchors() == null) 8791 { 8792@@ -98,6 +114,22 @@ 8793 { 8794 throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); 8795 } 8796+ // BEGIN android-added 8797+ { 8798+ X509Certificate cert = (X509Certificate) certs.get(0); 8799+ 8800+ if (cert != null) { 8801+ BigInteger serial = cert.getSerialNumber(); 8802+ if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { 8803+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs 8804+ String message = "Certificate revocation of serial 0x" + serial.toString(16); 8805+ System.out.println(message); 8806+ AnnotatedException e = new AnnotatedException(message); 8807+ throw new CertPathValidatorException(e.getMessage(), e, certPath, 0); 8808+ } 8809+ } 8810+ } 8811+ // END android-added 8812 8813 // 8814 // (b) 8815@@ -277,6 +309,15 @@ 8816 8817 for (index = certs.size() - 1; index >= 0; index--) 8818 { 8819+ // BEGIN android-added 8820+ if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { 8821+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs 8822+ String message = "Certificate revocation of public key " + workingPublicKey; 8823+ System.out.println(message); 8824+ AnnotatedException e = new AnnotatedException(message); 8825+ throw new CertPathValidatorException(e.getMessage(), e, certPath, index); 8826+ } 8827+ // END android-added 8828 // try 8829 // { 8830 // 8831diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509CertificateObject.java 8832--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2015-03-01 12:03:02.000000000 +0000 8833+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-31 02:26:40.000000000 +0000 8834@@ -57,6 +57,9 @@ 8835 import org.bouncycastle.asn1.x509.Extensions; 8836 import org.bouncycastle.asn1.x509.GeneralName; 8837 import org.bouncycastle.asn1.x509.KeyUsage; 8838+// BEGIN android-added 8839+import org.bouncycastle.asn1.x509.X509Name; 8840+// END android-added 8841 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; 8842 import org.bouncycastle.jce.X509Principal; 8843 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; 8844@@ -562,12 +565,20 @@ 8845 } 8846 } 8847 8848+ // BEGIN android-changed 8849+ private byte[] encoded; 8850+ // END android-changed 8851 public byte[] getEncoded() 8852 throws CertificateEncodingException 8853 { 8854 try 8855 { 8856- return c.getEncoded(ASN1Encoding.DER); 8857+ // BEGIN android-changed 8858+ if (encoded == null) { 8859+ encoded = c.getEncoded(ASN1Encoding.DER); 8860+ } 8861+ return encoded; 8862+ // END android-changed 8863 } 8864 catch (IOException e) 8865 { 8866@@ -858,7 +869,9 @@ 8867 list.add(genName.getEncoded()); 8868 break; 8869 case GeneralName.directoryName: 8870- list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); 8871+ // BEGIN android-changed 8872+ list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); 8873+ // END android-changed 8874 break; 8875 case GeneralName.dNSName: 8876 case GeneralName.rfc822Name: 8877diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509SignatureUtil.java 8878--- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2015-03-01 12:03:02.000000000 +0000 8879+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509SignatureUtil.java 2014-07-28 19:51:54.000000000 +0000 8880@@ -14,7 +14,9 @@ 8881 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 8882 import org.bouncycastle.asn1.ASN1Sequence; 8883 import org.bouncycastle.asn1.DERNull; 8884-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8885+// BEGIN android-removed 8886+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8887+// END android-removed 8888 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 8889 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 8890 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 8891@@ -66,12 +68,14 @@ 8892 8893 if (params != null && !derNull.equals(params)) 8894 { 8895- if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 8896- { 8897- RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); 8898- 8899- return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; 8900- } 8901+ // BEGIN android-removed 8902+ // if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 8903+ // { 8904+ // RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); 8905+ // 8906+ // return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; 8907+ // } 8908+ // END android-removed 8909 if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) 8910 { 8911 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); 8912@@ -114,22 +118,24 @@ 8913 { 8914 return "SHA512"; 8915 } 8916- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 8917- { 8918- return "RIPEMD128"; 8919- } 8920- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 8921- { 8922- return "RIPEMD160"; 8923- } 8924- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 8925- { 8926- return "RIPEMD256"; 8927- } 8928- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 8929- { 8930- return "GOST3411"; 8931- } 8932+ // BEGIN android-removed 8933+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) 8934+ // { 8935+ // return "RIPEMD128"; 8936+ // } 8937+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) 8938+ // { 8939+ // return "RIPEMD160"; 8940+ // } 8941+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) 8942+ // { 8943+ // return "RIPEMD256"; 8944+ // } 8945+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) 8946+ // { 8947+ // return "GOST3411"; 8948+ // } 8949+ // END android-removed 8950 else 8951 { 8952 return digestAlgOID.getId(); 8953diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-152/org/bouncycastle/x509/X509Util.java 8954--- bcprov-jdk15on-152.orig/org/bouncycastle/x509/X509Util.java 2015-03-01 12:03:02.000000000 +0000 8955+++ bcprov-jdk15on-152/org/bouncycastle/x509/X509Util.java 2014-07-28 19:51:54.000000000 +0000 8956@@ -25,12 +25,16 @@ 8957 import org.bouncycastle.asn1.ASN1Integer; 8958 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 8959 import org.bouncycastle.asn1.DERNull; 8960-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8961+// BEGIN android-removed 8962+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 8963+// END android-removed 8964 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 8965 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 8966 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 8967 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 8968-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 8969+// BEGIN android-removed 8970+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 8971+// END android-removed 8972 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 8973 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 8974 import org.bouncycastle.jce.X509Principal; 8975@@ -44,8 +48,10 @@ 8976 8977 static 8978 { 8979- algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); 8980- algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); 8981+ // BEGIN android-removed 8982+ // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); 8983+ // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); 8984+ // END android-removed 8985 algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); 8986 algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); 8987 algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); 8988@@ -63,12 +69,14 @@ 8989 algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 8990 algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 8991 algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 8992- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 8993- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 8994- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 8995- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 8996- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 8997- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 8998+ // BEGIN android-removed 8999+ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 9000+ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 9001+ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 9002+ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 9003+ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 9004+ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 9005+ // END android-removed 9006 algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); 9007 algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); 9008 algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); 9009@@ -81,11 +89,13 @@ 9010 algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); 9011 algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); 9012 algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); 9013- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9014- algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9015- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9016- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9017- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9018+ // BEGIN android-removed 9019+ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9020+ // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9021+ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9022+ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9023+ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9024+ // END android-removed 9025 9026 // 9027 // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 9028@@ -105,8 +115,10 @@ 9029 // 9030 // RFC 4491 9031 // 9032- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9033- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9034+ // BEGIN android-removed 9035+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 9036+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 9037+ // END android-removed 9038 9039 // 9040 // explicit params 9041